H3C Technologies H3C SecPath F1000-E User Manual

Page 421

409

Table 61 Configuration items

Item Description

VPN Domain Name

Enter a name for the VPN domain.

Identity
Authentication
Settings

Authentication Method

Select an authentication method for the VAM server to use to
authenticate the VAM clients. Options include PAP, CHAP, and

None. None means no identity authentication.

ISP Domain Name

Specify the ISP domain for VAM client authentication. You can
perform the following configurations:

•

Click Add to enter the page shown in

Figure 302

and add

an ISP domain. For ISP domain configuration information,

see

Table 62

•

Select an ISP domain and click Modify to modify the ISP

domain. For ISP domain configuration information,

see

Table 62

•

Select an ISP domain and click Delete to delete the ISP

domain.

If you specify an ISP domain, the specified domain will be used

for authentication.
If you do not specify any ISP domain, the VAM server will check
whether domain information is carried in a username. If yes, the

domain will be used for authentication (if the domain does not

exist, the authentication will fail); otherwise, the default domain
(system by default) will be used for authentication.

Authentication Algorithms

Select authentication and encryption algorithms for VAM
protocol packets.
With the selected authentication and encryption algorithms, the
VAM server negotiates with a client to determine the packet

integrity authentication and encryption algorithms to be used
for VAM protocol packets between them.

•

Available authentication algorithms include SHA1 and

MD5, in descending order of priority.

•

Available encryption algorithms include AES-128, 3DES,

and DES, in descending order of priority.

Encryption Algorithms

Pre-Shared Key

Enter a pre-shared key for the VAM server.
The pre-shared key is used to generate the keys for securing the
channels between the VAM server and a client. In the

connection initialization process, the pre-shared key is used to
generate the initial key for validating and encrypting

connection requests and connection responses. If encryption

and authentication is needed for subsequent packets, the
pre-shared key is also used to generate the connection key for

validating and encrypting the subsequent packets.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS