Ipsec tunnel, Protocols and standards, Configuring ipsec – H3C Technologies H3C SecPath F1000-E User Manual
Page 716: Configuration task list
IPsec tunnel
An IPsec tunnel is a bidirectional channel created between two peers. An IPsec tunnel consists of one or
more pairs of SAs.
Protocols and Standards
Protocols and standards relevant to IPsec are as follows:
• RFC 2401 Security Architecture for the Internet Protocol
• RFC 2402 IP Authentication Header
• RFC 2406 IP Encapsulating Security Payload
Configuring IPsec
Configuration Task List
You configure IPsec tunnels on the device by configuring IPsec policies. The IPsec policies use ACLs to
identify protected traffic, and take effect after being applied to physical interfaces.
The following is the generic IPsec policy configuration procedure:
1. Configure ACLs for identifying the data flows to be protected by IPsec.
2. Configure security proposals to specify the security protocols, authentication and encryption
algorithms, and encapsulation mode. A security proposal will apply to data flows associated with
it.
3. Configure IPsec policies to associate data flows with IPsec proposals and specify the SA
negotiation mode, the start and end points of the IPsec tunnels, the privacy keys, and the SA
lifetime.
4. Apply the IPsec policies to interfaces.
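The same four steps expressed in H3C Comware CLI syntax, as an added example that is not part of this manual (the manual configures these items through the web interface). Subnets, addresses, object names and the pre-shared key are constructed placeholders, the exact keywords are assumed to match this device's CLI, and lines beginning with # are reader annotations rather than CLI input.

```text
# Step 1: ACL identifying the data flows to protect (constructed sample subnets)
acl number 3000
 rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
#
# Step 2: IPsec proposal: security protocol ESP, tunnel encapsulation,
# AES encryption and SHA-1 authentication
ipsec proposal prop1
 transform esp
 encapsulation-mode tunnel
 esp encryption-algorithm aes 128
 esp authentication-algorithm sha1
#
# IKE peer holding the remote tunnel end point and the pre-shared key
# (replace the placeholder with a long, randomly generated key)
ike peer peer1
 pre-shared-key simple REPLACE-WITH-STRONG-KEY
 remote-address 203.0.113.2
#
# Step 3: IPsec policy associating the ACL with the proposal and peer,
# using IKE (isakmp) negotiation and a time-based SA lifetime in seconds
ipsec policy pol1 10 isakmp
 security acl 3000
 proposal prop1
 ike-peer peer1
 sa duration time-based 3600
#
# Step 4: apply the policy to the physical interface facing the peer;
# the policy takes effect only after this step
interface GigabitEthernet0/1
 ipsec policy pol1
```

Only traffic matching ACL 3000 is protected; anything else leaving GigabitEthernet0/1 is forwarded unencrypted, so the ACL should be reviewed as carefully as the proposal.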
Perform the tasks in Table 1 to configure IPsec.
Table 1 IPsec configuration task list
Task Remarks
• Required. Configure ACLs to identify the data flows to be protected by IPsec.
IMPORTANT: This document introduces only how to reference ACLs in IPsec. To create ACLs, select Firewall > ACL from the navigation tree. For the detailed procedure, see ACL Configuration.
• Required. An IPsec proposal defines a set of security parameters for IPsec SA negotiation, including the security protocol, encryption and authentication algorithms, and encapsulation mode.
IMPORTANT: Changes to an IPsec proposal affect only SAs negotiated after the changes are made.