Ipsec vpn configuration wizard, Ipsec vpn configuration wizard overview, Configuring an ipsec vpn – H3C Technologies H3C SecPath F1000-E User Manual

223

IPsec VPN configuration wizard

The IPsec VPN configuration wizard is available only in the Web interface.
In FIPS mode, the firewall does not support the IPsec VPN configuration wizard.

IPsec VPN configuration wizard overview

The IPsec VPN policy configuration wizard provides a way to configure IPsec VPNs easily. For more

information about IPsec and IKE, see "Configuring IPsec" and "Configuring IKE."
IPsec VPN supports two networking modes: center-branch mode and peer-peer mode.

•

Center-branch mode applies to one-to-many networks as shown in

Figure 134

. A network in this

mode uses the aggressive mode for IKE negotiation and uses the security gateway name or IP

address as the ID type at the local end. The center node never initiates IPsec SA negotiation; the
branch nodes must take the responsibility.

Figure 134 Center-branch networking mode

•

Peer-peer mode applies to one-to-one networks as shown in

Figure 135

. A network in this mode uses

the main mode for IKE negotiation and can use only the ID type of IP address at the local end. Either

of the two peers can initiate IPsec SA negotiation.

Figure 135 Peer-peer networking mode

Configuring an IPsec VPN

Launching the IPsec VPN policy configuration wizard

1.

Select Wizard from the navigation tree to enter the Configuration Wizard page.

2.

Click the IPSec VPN Deployment hyperlink to enter the first page of the IPsec VPN policy
configuration page.