Specifying the client authentication mode, Specifying hub ip addresses – H3C Technologies H3C SecPath F1000-E User Manual
Page 455
443
To configure VAM protocol packet security parameters:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter VPN domain view.
vam server vpn vpn-name
N/A
3.
Specify the algorithms for
protocol packet
authentication and their
priorities.
authentication-algorithm { none |
{ md5 | sha-1 } * }
Optional.
By default, SHA-1 is used for
protocol packet authentication.
4.
Specify the algorithms for
protocol packet encryption
and their priorities.
encryption-algorithm { { 3des |
aes-128 | des } * | none }
Optional.
By default, three encryption
algorithms are available and
preferred in this order: AES-128,
3DES and DES.
NOTE:
•
In the connection initialization process, SHA-1 is always used for authenticating connection requests
from clients and connection responses from the server. Whether subsequent protocol packets are to be
authenticated and what algorithms are available for authentication depend on your configuration.
•
In the connection initialization process, AES-128 is always used for encrypting connection requests from
clients and connection responses from the server. Whether subsequent protocol packets are to be
encrypted and what algorithms are available for encryption depend on your configuration.
•
The configuration order of the algorithms determines the priorities of the algorithms.
Specifying the client authentication mode
A VAM server supports only PAP and CHAP authentication.
To configure the client authentication mode:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter VPN domain view.
vam server vpn vpn-name
N/A
3.
Specify the client
authentication mode.
authentication-method { none |
{ chap | pap } [ domain
name-string ] }
By default, a VAM server performs
CHAP authentication of clients,
using the default domain
configured for the system.
Specifying hub IP addresses
To specify a hub:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter VPN domain view.
vam server vpn vpn-name
N/A
3.
Specify the private IP address
and public IP address of a
hub.
hub private-ip private-ip-address
[ public-ip public-ip-address ]
No hub is specified by default.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS