H3C Technologies H3C SecPath F1000-E User Manual
Page 61
4
Figure 5 IPsec VPN policy configuration wizard: 3/4 (center node)
Step4
Configure the items on the page.
describes the configuration items.
Table 2 Configuration items on a center node: 3/4
Item
Description
Encryption Suite
Select the encryption suite for the IPsec proposal. An encryption suite specifies the IP
packet encapsulation mode, security protocol, and authentication and encryption
algorithms to be used.
•
TUNNEL-ESP-SHA1-3DES: Uses the tunnel mode for IP packet encapsulation,
ESP for packet protection, SHA1 for authentication, and 3DES for encryption.
•
TUNNEL-ESP-MD5-DES: Uses the tunnel mode for IP packet encapsulation, ESP
for packet protection, MD5 for authentication, and DES for encryption.
•
TUNNEL-AH-MD5-ESP-DES: Uses the tunnel mode for IP packet
encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and
DES for ESP encryption.
•
TUNNEL-AH-MD5-ESP-3DES: Uses the tunnel mode for IP packet
encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and
3DES for ESP encryption.
Pre-Shared Key
PKI Domain
Select the authentication method for IKE negotiation and specify the required
argument.
•
Pre-Shared Key: Uses the pre-shared key authentication method.
•
PKI Domain: Uses the RSA signature authentication method. Available PKI domains
are those configured by selecting VPN > PKI > Domain from the navigation tree.
Enable DPD
Select this check box to enable dead peer detection (DPD). If you enable DPD and the
name of the IPsec VPN is abc, the wizard will create a DPD named abc_dpd and
apply it to peer abc_peer.