beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 9

background image

iv

Basic concepts ····················································································································································· 152

 

IPsec tunnel interface ··········································································································································· 154

 

IPsec for IPv6 routing protocols ·························································································································· 155

 

IPsec RRI································································································································································ 155

 

IPsec stateful failover ··········································································································································· 156

 

Protocols and standards ····································································································································· 157

 

IPsec implementation ··················································································································································· 157

 

Configuring ACL-based IPsec in the Web interface ································································································· 157

 

Configuration considerations ····························································································································· 157

 

Recommended configuration procedure ··········································································································· 158

 

Configuring ACLs ················································································································································ 159

 

Configuring an IPsec proposal ·························································································································· 162

 

Configuring an IPsec policy template ················································································································ 165

 

Configuring an IPsec policy ······························································································································· 168

 

Applying an IPsec policy group ························································································································· 171

 

Displaying IPsec SAs ··········································································································································· 172

 

Displaying packet statistics ································································································································· 172

 

Configuring ACL-based IPsec at the CLI ···················································································································· 173

 

Configuration task list ········································································································································· 173

 

Configuring ACLs ················································································································································ 173

 

Configuring an IPsec proposal ·························································································································· 175

 

Configuring a manual IPsec policy···················································································································· 176

 

Configuring an IPsec policy that uses IKE ········································································································· 178

 

Applying an IPsec policy group to an interface ······························································································· 181

 

Enabling the encryption engine ························································································································· 182

 

Enabling ACL checking of de-encapsulated IPsec packets ············································································· 182

 

Configuring the IPsec anti-replay function ········································································································ 182

 

Configuring packet information pre-extraction ································································································ 183

 

Enabling invalid SPI recovery ···························································································································· 184

 

Configuring IPsec RRI ·········································································································································· 184

 

Configuring tunnel interface-based IPsec ·················································································································· 185

 

Configuration task list ········································································································································· 186

 

Configuring an IPsec profile ······························································································································· 186

 

Configuring an IPsec tunnel interface ··············································································································· 188

 

Enabling packet information pre-extraction on the IPsec tunnel interface ····················································· 189

 

Applying a QoS policy to an IPsec tunnel interface ························································································ 190

 

Configuring IPsec for IPv6 routing protocols ············································································································· 190

 

Configuring IPsec stateful failover ······························································································································ 191

 

Configuration prerequisites ································································································································ 191

 

Configuration procedure ···································································································································· 192

 

Displaying and maintaining IPsec ······························································································································ 192

 

IPsec configuration examples······································································································································ 193

 

Manual mode IPsec tunnel for IPv4 packets configuration example in the Web interface ························· 193

 

Manual mode IPsec tunnel for IPv4 packets configuration example at the CLI ············································ 198

 

IKE-based IPsec tunnel for IPv4 packets configuration example ····································································· 201

 

IPsec with IPsec tunnel interfaces configuration example················································································ 203

 

IPsec for RIPng configuration example ·············································································································· 207

 

IPsec RRI configuration example ························································································································ 211

 

IPsec stateful failover configuration example ··································································································· 214

 

IPsec configuration guidelines ···································································································································· 222

 

IPsec VPN configuration wizard ···························································································································· 223

 

IPsec VPN configuration wizard overview ················································································································ 223

 

Configuring an IPsec VPN ··········································································································································· 223

 

Launching the IPsec VPN policy configuration wizard ···················································································· 223