H3C Technologies H3C SecPath F1000-E User Manual

Page 427

415

Item Description

Tunnel Interface Number

Enter a sequence number for the tunnel interface.

IP Address/Mask

Specify the private IP address and mask for the tunnel interface.

IMPORTANT:

In a VPN domain, the private IP addresses of all tunnel interfaces must be in

the same subnet.

Security Zone of Interface

Select a security zone for the tunnel interface.

Tunnel Source Address/Interface

Specify the tunnel source address for the tunnel interface, namely, the IP
address of the physical interface that sends DVPN packets. You can enter

an IP address, or select an interface to use the primary IP address of the

interface as the tunnel source address.

IMPORTANT:

If you configure multiple DVPN tunnels that use GRE encapsulation, you must

configure unique source addresses or source interfaces for these tunnels.

VAM Client
Setting

VPN Domain
Name

Specify the VPN domain to which the VAM client belongs.

VAM Server IP

Specify the IP address of the main VAM server.

Backup VAM
Server IP

Specify the IP address of the backup VAM server.

Username

Specify the username and password for identity authentication of VAM
clients.

IMPORTANT:

The Username and Password fields must both be configured or both not be
configured.

Password

Pre-Shared Key

Specify the pre-shared key for the VAM client.
The pre-shared key is used to generate the keys for security of the channels

between the VAM server and a VAM client.

IMPORTANT:

In a VPN domain, all the VAM clients and the VAM server must be configured

with the same pre-shared key.

DVPN
Session
Settings

Session Idle Time Set the idle timeout for the DVPN Spoke-Spoke tunnel.

Keepalive Interval Set the interval between sending keepalive packets and the maximum

number of attempts for sending keepalive packets when there is no

response.

IMPORTANT:

In a VPN domain, the DVPN keepalive settings for all tunnel interfaces must

be consistent.

Keepalive Retries

Enable IPSec

Specify whether to enable IPsec.
An IPsec profile can be used to secure the transmission of data packets and
control packets over a DVPN tunnel. It uses the security protocol of ESP or

AH and employs IKE for security policy negotiation.
If you select this option, you can perform the IPsec configuration.

Table 65

describes the IPsec configuration items in detail.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS