Configuring an ike proposal, Figure 3 – H3C Technologies H3C SecPath F1000-E User Manual
Page 702
5
Figure 3 IKE global configuration page
describes the configuration items for configuring global IKE parameters.
Table 2 Global IKE configuration items
Item
Description
IKE Local Name
Type a name for the local security gateway.
If the local device acts as the IKE negotiation initiator and uses the security gateway name
for IKE negotiation, you need to configure this argument on the local device. Then, the
local device sends its gateway name as identification to its peer and the peer uses the
locally configured remote gateway name to authenticate the local device. Therefore,
make sure that the local gateway name configured here is identical to the remote
gateway name configured on its peer.
By default, the device name is used as the local gateway name.
NAT Keepalive
Interval
Set the interval at which the ISAKMP SA sends NAT keepalive packets to its peer.
NAT mappings on a NAT gateway may get aged. If no packet traverses an IPsec tunnel
in a certain period of time, the NAT mapping will be deleted, disabling the tunnel beyond
the NAT gateway from transferring data. To prevent NAT mappings from being aged, an
ISAKMP SA sends to its peer NAT keepalive packets at a certain interval to keep the NAT
session alive.
.
Configuring an IKE Proposal
Select VPN > IKE > Proposal from the navigation tree to display existing IKE proposals, as shown in
. Then, click Add to enter the IKE proposal configuration page, as shown in
.
Figure 4 IKE proposal list