H3C Technologies H3C SecPath F1000-E User Manual
Page 175
163
Figure 109 IPsec proposal configuration wizard page
3.
Click Suite mode to configure an IPsec proposal as described in
, or click Custom mode
to configure an IPsec proposal as described in
4.
Click Apply.
Figure 110 IPsec proposal configuration in suite mode
Table 10 Configuration items in suite mode
Item Description
Proposal Name
Enter a name for the IPsec proposal.
Encryption Suite
Select an encryption suite for the proposal. An encryption suite specifies the IP packet
encapsulation mode, security protocol, and authentication and encryption algorithms to
be used.
Available encryption suites include:
•
Tunnel-ESP-DES-MD5—Uses the ESP security protocol, the DES encryption algorithm,
and the MD5 authentication algorithm.
•
Tunnel-ESP-3DES-MD5—Uses the ESP security protocol, the 3DES encryption
algorithm, and the MD5 authentication algorithm.
•
Tunnel-AH-MD5-ESP-DES—Uses the ESP and AH security protocols successively,
making ESP use the DES encryption algorithm and perform no authentication and
making AH use the MD5 authentication algorithm
•
Tunnel-AH-MD5-ESP-3DES—Uses the ESP and AH security protocols successively,
making ESP use the 3DES encryption algorithm and perform no authentication, and
making AH use the MD5 authentication algorithm.
All these suites use the tunnel mode for IP packet encapsulation.
NOTE:
In FIPS mode, the firewall does not support configuring an IPsec proposal by using an
encryption suite.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS