beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 67

background image

10

Step3

Click Next to enter the next page, as shown in

Figure 11

.

Figure 11 IPsec VPN policy configuration wizard: 3/4 (peer node)

Step4

Configure the items on the page.

Table 6

describes the configuration items.

Table 6 Configuration items on a peer node: 3/4

Item

Description

Source IP

Address/Wildcard

Destination IP
Address/Wildcard

Protocol Type

Specify the traffic to be protected by giving the source IP address and wildcard,

destination IP address and wildcard, and the protocol type.

IMPORTANT:

Based on these configurations, the wizard will create an advanced ACL that permit
packets matching these criteria and apply this ACL to the IPsec policy. The ACL
number will be the smallest, available number in the range 3000 to 3999. If there is
no number available for the ACL, the wizard will prompt that your IPsec VPN policy
configuration fails.

Encryption Suite

Select the encryption suite for the IPsec proposal. An encryption suite specifies the IP
packet encapsulation mode, security protocol, and authentication and encryption

algorithms to be used.

TUNNEL-ESP-SHA1-3DES: Uses the tunnel mode for IP packet encapsulation,
ESP for packet protection, SHA1 for authentication, and 3DES for encryption.

TUNNEL-ESP-MD5-DES: Uses the tunnel mode for IP packet encapsulation, ESP
for packet protection, MD5 for authentication, and DES for encryption.

TUNNEL-AH-MD5-ESP-DES: Uses the tunnel mode for IP packet
encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and

DES for ESP encryption.

TUNNEL-AH-MD5-ESP-3DES: Uses the tunnel mode for IP packet
encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and
3DES for ESP encryption.

This manual is related to the following products: