Configuring an ipsec policy template, Table 3 – H3C Technologies H3C SecPath F1000-E User Manual
Page 723
11
Table 3 IPsec proposal configuration items in custom mode
Item
Description
Proposal Name
Type a name for the IPsec proposal.
Encapsulation
Mode
Select an IP packet encapsulation mode for the IPsec proposal.
•
Tunnel: Uses the tunnel mode.
•
Transport: Uses the transport mode.
Security Protocol
Select a security protocol setting for the proposal.
•
AH: Uses the AH protocol.
•
ESP: Uses the ESP protocol.
•
AH-ESP: Uses ESP first and then AH.
AH Authentication
Algorithm
Select an authentication algorithm for AH when the security protocol setting is AH or
AH-ESP.
Available authentication algorithms include MD5 and SHA1.
ESP Authentication
Algorithm
Select an authentication algorithm for ESP when the security protocol setting is ESP or
AH-ESP.
You can select MD5 or SHA1, or leave it null so the ESP performs no authentication.
IMPORTANT:
The ESP authentication algorithm and ESP encryption algorithm cannot be both null.
ESP Encryption
Algorithm
Select an encryption algorithm for ESP when the security protocol is ESP or AH-ESP.
•
DES: Uses the DES algorithm and 56-bit keys for encryption.
•
3DES: Uses the 3DES algorithm and 168-bit keys for encryption.
•
AES128: Uses the AES algorithm and 128-bit keys for encryption.
•
AES192: Uses the AES algorithm and 192-bit keys for encryption.
•
AES256: Uses the AES algorithm and 256-bit keys for encryption.
•
Leave it null so the ESP performs no encryption.
IMPORTANT:
z
Higher security means increased complexity and decreased speed. DES is
sufficient for general security requirements. Use 3DES if you require very high
confidentiality and security.
z
The ESP authentication and encryption algorithms cannot be both null.
.
Configuring an IPsec Policy Template
Select VPN > IPSec > Policy-Template from the navigation tree to enter IPsec policy template
management page, as shown in
. Then, click Add to add an IPsec policy template on the page
shown in
.