H3C Technologies H3C SecPath F1000-E User Manual

14

Figure 13 Create an IKE proposal numbered 10

•

Type 10 as the IKE proposal number.

•

Select Preshared Key as the authentication method.

•

Select MD5 as the authentication algorithm.

•

Type 5000 as the SA lifetime.

•

Click Apply.

Step2

Configure security gateway Device B

# Configure the IKE peer.
Select VPN > IKE > Peer from the navigation tree and then click Add to enter the IKE peer
configuration page, as shown in

Figure 12

. Perform the following configurations:

•

Type peer as the peer name.

•

Select Main as the negotiation mode.

•

Type 1.1.1.1 as the remote gateway IP address.

•

Select Pre-Shared Key and type abcde as the pre-shared key.

•

Click Apply.

After the above configuration, security gateways Device A and Device B should be able to perform IKE

negotiation. Device A is configured with an IKE proposal numbered 10, which uses the authentication

algorithm of MD5, but Device B has only a default IKE proposal, which uses the default authentication

algorithm of SHA. Therefore, Device B has no proposal matching proposal 10 of Device A, and the two
devices have only one pair of matched proposals, namely the default IKE proposals. In addition, the two

devices are not required to have the same ISAKMP SA lifetime; they will negotiate one.