H3C Technologies H3C SecPath F1000-E User Manual

Page 176

164

Figure 111 IPsec proposal configuration in custom mode

Table 11 Configuration items in custom mode

Item

Description

Proposal Name

Enter a name for the IPsec proposal.

Encapsulation
Mode

Select an IP packet encapsulation mode for the IPsec proposal. Options include:

•

Tunnel—Uses the tunnel mode.

•

Transport—Uses the transport mode.

Security Protocol

Select a security protocol setting for the proposal. Options include:

•

AH—Uses the AH protocol.

•

ESP—Uses the ESP protocol.

•

AH-ESP—Uses ESP first and then AH.

AH Authentication
Algorithm

Select an authentication algorithm for AH when the security protocol setting is AH or
AH-ESP.
Available authentication algorithms include MD5 and SHA1.
In FIPS mode, the firewall does not support MD5. If MD5 is selected, the configuration
does not take effect.

ESP Authentication
Algorithm

Select an authentication algorithm for ESP when the security protocol setting is ESP or
AH-ESP.
You can select MD5 or SHA1, or leave it null so the ESP performs no authentication.

IMPORTANT:

•

The ESP authentication algorithm and ESP encryption algorithm cannot be both null.

•

In FIPS mode, the firewall does not support MD5. Do not select MD5 but you must
select both an authentication algorithm and an encryption algorithm for ESP.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS