Enabling vam client, Configuring an ipsec profile, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual

447

Step Command

Remarks

3.

Specify the pre-shared key of
the VAM client.

pre-shared-key { cipher | simple }
key-string

Not specified by default

NOTE:

In a VPN domain, all the VAM clients and the VAM server must be configured with the same pre-shared
key.

Enabling VAM client

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable VAM client.

•

(Approach 1) Enable VAM client for all VAM clients

or a specific VAM client:

vam client enable { all | name client-name }

•

(Approach 2) Enable VAM client for a VAM client:

a.

vam client name client-name

b.

client enable

Use either approach.
Disabled by default.

Configuring an IPsec profile

An IPsec profile secures the transmission of data packets and control packets over a DVPN tunnel. It uses

the security protocol of ESP or AH and employs IKE for security policy negotiation.

Configuration prerequisites

Before you configure an IPsec profile, complete the following tasks:

•

Configure the IPsec proposals for the IPsec profile to reference

•

Configure the IKE peer for the IPsec profile to reference

For more information about IPsec and IKE, see "Configuring IPsec" and "Configuring IKE."

Configuration procedure

To configure an IPsec profile:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an IPsec profile and

enter IPsec profile view.

ipsec profile profile-name

By default, no IPsec profile is
created.

3.

Specify the IPsec proposals for

the IPsec profile to reference. proposal proposal-name&<1-6>

By default, an IPsec profile
references no IPsec proposal.

4.

Specify the IKE peer for the

IPsec profile to reference.

ike-peer peer-name

By default, an IPsec profile
references no IKE peer