H3C Technologies H3C SecPath F1000-E User Manual
Page 64
7
Step3
Click Next to enter the next page, as shown in
Figure 8 IPsec VPN policy configuration wizard: 3/4 (branch node)
Step4
Configure the items on the page.
describes the configuration items.
Table 4 Configuration items on a branch node: 3/4
Item
Description
Source IP
Address/Wildcard
Destination IP
Address/Wildcard
Protocol Type
Specify the traffic to be protected by giving the source IP address and wildcard,
destination IP address and wildcard, and the protocol type.
IMPORTANT:
Based on these configurations, the wizard will create an advanced ACL that permit
packets matching these criteria and apply this ACL to the IPsec policy. The ACL
number will be the smallest, available number in the range 3000 to 3999. If there is
no number available for the ACL, the wizard will prompt that your IPsec VPN policy
configuration fails.
Encryption Suite
Select the encryption suite for the IPsec proposal. An encryption suite specifies the IP
packet encapsulation mode, security protocol, and authentication and encryption
algorithms to be used.
•
TUNNEL-ESP-SHA1-3DES: Uses the tunnel mode for IP packet encapsulation,
ESP for packet protection, SHA1 for authentication, and 3DES for encryption.
•
TUNNEL-ESP-MD5-DES: Uses the tunnel mode for IP packet encapsulation, ESP
for packet protection, MD5 for authentication, and DES for encryption.
•
TUNNEL-AH-MD5-ESP-DES: Uses the tunnel mode for IP packet
encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and
DES for ESP encryption.
•
TUNNEL-AH-MD5-ESP-3DES: Uses the tunnel mode for IP packet
encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and
3DES for ESP encryption.