beautypg.com

Specifying the client authentication mode, Specifying hub ip addresses – H3C Technologies H3C SecPath F1000-E User Manual

Page 455

background image

443

To configure VAM protocol packet security parameters:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter VPN domain view.

vam server vpn vpn-name

N/A

3.

Specify the algorithms for
protocol packet

authentication and their

priorities.

authentication-algorithm { none |

{ md5 | sha-1 } * }

Optional.
By default, SHA-1 is used for

protocol packet authentication.

4.

Specify the algorithms for
protocol packet encryption

and their priorities.

encryption-algorithm { { 3des |
aes-128 | des } * | none }

Optional.
By default, three encryption
algorithms are available and

preferred in this order: AES-128,
3DES and DES.

NOTE:

In the connection initialization process, SHA-1 is always used for authenticating connection requests
from clients and connection responses from the server. Whether subsequent protocol packets are to be

authenticated and what algorithms are available for authentication depend on your configuration.

In the connection initialization process, AES-128 is always used for encrypting connection requests from
clients and connection responses from the server. Whether subsequent protocol packets are to be

encrypted and what algorithms are available for encryption depend on your configuration.

The configuration order of the algorithms determines the priorities of the algorithms.

Specifying the client authentication mode

A VAM server supports only PAP and CHAP authentication.
To configure the client authentication mode:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter VPN domain view.

vam server vpn vpn-name

N/A

3.

Specify the client

authentication mode.

authentication-method { none |
{ chap | pap } [ domain
name-string ] }

By default, a VAM server performs
CHAP authentication of clients,

using the default domain

configured for the system.

Specifying hub IP addresses

To specify a hub:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter VPN domain view.

vam server vpn vpn-name

N/A

3.

Specify the private IP address
and public IP address of a

hub.

hub private-ip private-ip-address
[ public-ip public-ip-address ]

No hub is specified by default.