H3C Technologies H3C SecPath F1000-E User Manual
Table 65 Configuration items
Item Description
Authentication Method
Specify an authentication method for IKE negotiation.
• Pre-Shared Key: Uses the pre-shared key authentication method. If you select this method, you must configure the pre-shared key.
• Certificate: Uses the digital signature authentication method. If you select this method, you must select a subject of the local certificate. Available local certificates are those configured in VPN > Certificate Management.
Gateway ID
Remote ID Type
Select the remote ID type for IKE negotiation phase 1.
• IP Address: Uses the remote-end IP address of the DVPN session as the ID in IKE negotiation.
• Gateway Name: Uses the gateway name in the Fully Qualified Domain Name (FQDN) type as the ID in IKE negotiation. If you select this type, specify the remote gateway ID.
IMPORTANT:
• If the IKE negotiation initiator uses the local ID type of gateway name as the ID for IKE negotiation, it sends its gateway ID to the peer, and the peer uses the locally configured remote gateway ID to authenticate the initiator. Therefore, make sure that the remote gateway ID specified here is identical to the local gateway ID specified on its peer.
• In main mode, only the ID type of IP address can be used in IKE negotiation and SA establishment.
Local ID Type
Select the local ID type for IKE negotiation phase 1.
• IP Address: Uses the local-end IP address of the DVPN session as the ID in IKE negotiation.
• Gateway Name: Uses the gateway name in the FQDN type as the ID in IKE negotiation. If you select this type, you need to specify the local gateway ID, a string without the at sign (@), such as foo.bar.com.
Phase 1
Exchange Mode
Select the IKE exchange mode in phase 1, which can be Main or Aggressive.
IMPORTANT:
• If you select Gateway Name for Local ID Type, you must set the exchange mode to Aggressive.
• An IKE peer uses its configured exchange mode when it is the negotiation initiator. A negotiation responder uses the same exchange mode as the initiator.
Authentication Algorithm
Select the authentication algorithm to be used in IKE negotiation.
• SHA1: Uses the HMAC-SHA1 algorithm for authentication.
• MD5: Uses the HMAC-MD5 algorithm for authentication.
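The dependencies between authentication method, ID type, gateway ID and exchange mode in Table 65 can be checked before two peers are deployed. The following is an added example, not part of the H3C manual or software; the dictionary keys, value spellings and sample host names are assumptions made for illustration.

```python
# Added example: checks two IKE peers' settings against the rules in Table 65.
# Dictionary keys and value spellings are hypothetical, not H3C configuration syntax.

def lint_peer(name, cfg):
    """Return violations of the per-device rules for one peer."""
    errs = []
    if cfg["auth_method"] == "pre-shared-key" and not cfg.get("pre_shared_key"):
        errs.append(f"{name}: Pre-Shared Key selected but no key configured")
    if cfg["auth_method"] == "certificate" and not cfg.get("cert_subject"):
        errs.append(f"{name}: Certificate selected but no local certificate subject")
    if cfg["local_id_type"] == "gateway-name":
        gid = cfg.get("local_gateway_id", "")
        if not gid or "@" in gid:
            errs.append(f"{name}: local gateway ID must be a non-empty string without '@'")
        if cfg["exchange_mode"] != "aggressive":
            errs.append(f"{name}: Gateway Name local ID requires Aggressive mode")
    if cfg["remote_id_type"] == "gateway-name":
        if not cfg.get("remote_gateway_id"):
            errs.append(f"{name}: Gateway Name remote ID type needs a remote gateway ID")
        if cfg["exchange_mode"] == "main":
            errs.append(f"{name}: main mode supports only the IP Address ID type")
    return errs

def lint_pair(a_name, a, b_name, b):
    """Per-device rules plus the check of each remote ID against the peer's local ID."""
    errs = lint_peer(a_name, a) + lint_peer(b_name, b)
    for (n1, c1), (n2, c2) in (((a_name, a), (b_name, b)), ((b_name, b), (a_name, a))):
        if c1["remote_id_type"] == "gateway-name" and c2["local_id_type"] == "gateway-name":
            # "Identical" is taken literally: an exact string comparison.
            if c1.get("remote_gateway_id") != c2.get("local_gateway_id"):
                errs.append(f"{n1}: remote gateway ID does not match {n2}'s local gateway ID")
    return errs

# Constructed sample settings for a hub and a spoke.
HUB = {"auth_method": "pre-shared-key", "pre_shared_key": "example-only",
       "local_id_type": "gateway-name", "local_gateway_id": "hub.example.com",
       "remote_id_type": "gateway-name", "remote_gateway_id": "spoke.example.com",
       "exchange_mode": "aggressive"}
SPOKE = dict(HUB, local_gateway_id="spoke.example.com", remote_gateway_id="hub.example.com")
# The same spoke with a mistyped remote gateway ID and Main mode selected.
BAD_SPOKE = dict(SPOKE, remote_gateway_id="hub.example.org", exchange_mode="main")

if __name__ == "__main__":
    for line in lint_pair("hub", HUB, "spoke", BAD_SPOKE) or ["no violations"]:
        print(line)
```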