H3C Technologies H3C SecPath F1000-E User Manual

Figure 138 IPsec VPN policy configuration wizard: 3/4 (center node)

5. Configure the parameters as described in Table 17.

Table 17 Configuration items

Item: Encryption Suite
Description: Select the encryption suite for the IPsec proposal. An encryption suite specifies the IP packet encapsulation mode, security protocol, and authentication and encryption algorithms to be used. Options include:
- TUNNEL-ESP-SHA1-3DES: Uses the tunnel mode for IP packet encapsulation, ESP for packet protection, SHA1 for authentication, and 3DES for encryption.
- TUNNEL-ESP-MD5-DES: Uses the tunnel mode for IP packet encapsulation, ESP for packet protection, MD5 for authentication, and DES for encryption.
- TUNNEL-AH-MD5-ESP-DES: Uses the tunnel mode for IP packet encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and DES for ESP encryption.
- TUNNEL-AH-MD5-ESP-3DES: Uses the tunnel mode for IP packet encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and 3DES for ESP encryption.

Item: Pre-Shared Key / PKI Domain
Description: Select the authentication method for IKE negotiation and specify the required argument. Options include:
- Pre-Shared Key: Uses the pre-shared key authentication method.
- PKI Domain: Uses the RSA signature authentication method. Available PKI domains are those configured by selecting VPN > Certificate Manager > Domain from the navigation tree.

IMPORTANT:
If you select PKI Domain, an IKE proposal numbered 1 will be created.

Item: Enable DPD
Description: Select this box to enable dead peer detection (DPD). If you enable DPD and the name of the IPsec VPN is abc, the wizard will create a DPD named abc_dpd and apply it to peer abc_peer.
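The following Python example is added here and is not part of the H3C manual or the device software. It splits the Encryption Suite names from Table 17 into their components so that a configuration review can see which algorithms each option selects. The function names, the name grammar (inferred from the four listed options) and the ratings (taken from the requirement levels in RFC 8221) are assumptions of this example.

```python
import re

# Assumption of this example (not from the manual): ratings follow the
# requirement levels in RFC 8221 (DES, HMAC-MD5: MUST NOT; 3DES: SHOULD NOT;
# HMAC-SHA1: MUST-, i.e. expected to be downgraded later).
RATING = {"DES": "deprecated", "MD5": "deprecated", "3DES": "legacy", "SHA1": "legacy"}
ORDER = ["ok", "legacy", "deprecated"]

# Name grammar inferred from the four options in Table 17:
#   TUNNEL-[AH-<auth>-]ESP-[<auth>-]<cipher>
SUITE_RE = re.compile(
    r"^(?P<mode>TUNNEL)"
    r"(?:-AH-(?P<ah_auth>MD5|SHA1))?"
    r"-ESP(?:-(?P<esp_auth>MD5|SHA1))?"
    r"-(?P<esp_enc>3DES|DES)$"
)

def parse_suite(name):
    """Split a suite name into mode, AH auth, ESP auth and ESP cipher."""
    m = SUITE_RE.match(name.strip().upper())
    if m is None:
        raise ValueError(f"unrecognized encryption suite: {name!r}")
    return {k: v for k, v in m.groupdict().items() if v is not None}

def audit_suite(name):
    """Return the parsed fields, per-algorithm findings and the worst rating."""
    parts = parse_suite(name)
    findings = [(f, parts[f], RATING[parts[f]])
                for f in ("ah_auth", "esp_auth", "esp_enc") if f in parts]
    if "ah_auth" not in parts and "esp_auth" not in parts:
        # Not one of the four listed options: encryption with no integrity check.
        findings.append(("integrity", "none", "deprecated"))
    worst = max((r for _, _, r in findings), key=ORDER.index, default="ok")
    return {"suite": name, "parts": parts, "findings": findings, "rating": worst}

if __name__ == "__main__":
    # The four options offered by the wizard, as listed in Table 17.
    for s in ("TUNNEL-ESP-SHA1-3DES", "TUNNEL-ESP-MD5-DES",
              "TUNNEL-AH-MD5-ESP-DES", "TUNNEL-AH-MD5-ESP-3DES"):
        r = audit_suite(s)
        print(f"{r['rating']:<10} {s}  {r['findings']}")
```
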