beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 8

background image

iii

Configuring a DS-Lite tunnel ······································································································································· 109

 

Configuration prerequisites ································································································································ 109

 

Configuring the CPE of a tunnel ························································································································ 109

 

Configuring the AFTR of a tunnel······················································································································· 110

 

Configuration example ······································································································································· 111

 

Configuring an IPv6 over IPv6 tunnel ························································································································ 115

 

Configuration prerequisites ································································································································ 115

 

Configuration guidelines ···································································································································· 115

 

Configuration procedure ···································································································································· 115

 

Configuration example ······································································································································· 116

 

Displaying and maintaining tunneling configuration ······························································································· 119

 

Troubleshooting tunneling configuration ··················································································································· 120

 

Symptom ······························································································································································· 120

 

Solution ································································································································································· 120

 

Configuring IKE ······················································································································································· 121

 

Feature and hardware compatibility ·························································································································· 121

 

IKE overview ································································································································································· 121

 

IKE security mechanism ······································································································································· 121

 

IKE operation ······················································································································································· 122

 

Functions of IKE in IPsec ····································································································································· 122

 

Relationship between IKE and IPsec ·················································································································· 123

 

Protocols and standards ····································································································································· 123

 

IKE configuration prerequisites ··································································································································· 123

 

Configuring IKE in the Web interface ························································································································ 124

 

IKE configuration task list ···································································································································· 124

 

Configuring global IKE parameters ··················································································································· 124

 

Configuring an IKE proposal ····························································································································· 125

 

Configuring IKE DPD ··········································································································································· 127

 

Configuring an IKE peer ····································································································································· 128

 

Viewing IKE SAs ·················································································································································· 131

 

IKE configuration example in the Web interface ······································································································ 132

 

Configuring IKE at the CLI ··········································································································································· 134

 

IKE configuration task list ···································································································································· 134

 

Configuring a name for the local security gateway ························································································ 135

 

Configuring an IKE proposal ····························································································································· 135

 

Configuring an IKE peer ····································································································································· 136

 

Setting keepalive timers ······································································································································ 139

 

Setting the NAT keepalive timer ························································································································ 139

 

Configuring a DPD detector ······························································································································· 139

 

Disabling next payload field checking ············································································································· 140

 

Displaying and maintaining IKE ························································································································ 140

 

IKE configuration examples at the CLI ······················································································································· 141

 

Main mode IKE with pre-shared key authentication configuration example ················································ 141

 

Aggressive mode IKE with NAT traversal configuration example ································································· 145

 

Troubleshooting IKE ····················································································································································· 148

 

Invalid user ID ······················································································································································ 148

 

Proposal mismatch ·············································································································································· 149

 

Failing to establish an IPsec tunnel ···················································································································· 149

 

ACL configuration error ······································································································································ 150

 

Configuring IPsec ···················································································································································· 151

 

Feature and hardware compatibility ·························································································································· 151

 

IPsec overview ······························································································································································ 151

 

Security protocols ················································································································································ 151