Command reference – H3C Technologies H3C Intelligent Management Center User Manual

Table 6 Configure an IPsec policy through IKE negotiation

| Configuration item | Sub-item | Description |
|---|---|---|
| IKE peer | Negotiation mode | Main mode or aggressive mode. |
| IKE peer | Negotiation ID type | IP address in main mode, IP address or name in aggressive mode. |
| IKE peer | Peer IP | IP address range of the peer. It must include the iNode client's IP address, because only clients in this IP address range can perform IKE negotiation. |
| IKE peer | Authentication method | Configure a pre-shared key or a PKI domain according to the authentication method (pre-shared key or digital signature authentication) configured in the IKE proposal. |
| IPsec proposal | Encapsulation mode | Tunnel mode or transport mode. Usually, the tunnel mode is used. |
| IPsec proposal | Security protocol | AH or ESP. AH supports only authentication algorithms. ESP supports both authentication and encryption algorithms. |
| IPsec proposal | Authentication algorithm | AH supports MD5 and SHA. ESP supports MD5 and SHA. |
| IPsec proposal | Encryption algorithm | AH does not support encryption algorithms. ESP supports DES and 3DES. |
| ACL | N/A | Use the ACL to identify the data flows to be protected by IPsec. |
| IPsec policy | N/A | Reference the configured IKE peer, IPsec proposal, and ACL in the IPsec policy. |

IPsec proposal parameters: Check the support of the iNode client for these parameters. Make sure the configuration is consistent on the VPN gateway and the iNode client.

3. Enable IPsec.
   Enable IPsec on the interface connected to the iNode client.
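
The rules in Table 6, as an added example that is not part of the H3C manual: the script validates a gateway parameter set against the table's constraints and lists the IPsec proposal parameters that differ between the VPN gateway and the iNode client. The dictionary keys, function names, and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Rules transcribed from Table 6. Keys and function names are hypothetical.
ID_TYPES = {"main": {"ip"}, "aggressive": {"ip", "name"}}
AUTH_ALGS = {"AH": {"MD5", "SHA"}, "ESP": {"MD5", "SHA"}}
ENC_ALGS = {"AH": set(), "ESP": {"DES", "3DES"}}
SHARED = ("encapsulation", "protocol", "auth_alg", "enc_alg")


def check_gateway(gw, client_ip):
    """Return violations of the Table 6 rules for one gateway parameter set."""
    errs = []
    if gw["id_type"] not in ID_TYPES.get(gw["mode"], set()):
        errs.append(f"ID type {gw['id_type']!r} not allowed in {gw['mode']} mode")
    # The peer IP range must include the iNode client's address.
    lo, hi = (ipaddress.ip_address(a) for a in gw["peer_range"])
    if not lo <= ipaddress.ip_address(client_ip) <= hi:
        errs.append(f"client {client_ip} outside peer IP range")
    if gw["encapsulation"] not in ("tunnel", "transport"):
        errs.append(f"unknown encapsulation mode {gw['encapsulation']!r}")
    proto = gw["protocol"]
    if proto not in AUTH_ALGS:
        return errs + [f"unknown security protocol {proto!r}"]
    if gw["auth_alg"] not in AUTH_ALGS[proto]:
        errs.append(f"{proto} does not support authentication algorithm {gw['auth_alg']}")
    enc = gw.get("enc_alg")  # None means no encryption algorithm configured
    if enc is not None and enc not in ENC_ALGS[proto]:
        errs.append(f"{proto} does not support encryption algorithm {enc}")
    return errs


def check_consistency(gw, client):
    """Return IPsec proposal parameters that differ between gateway and client."""
    return [k for k in SHARED if gw.get(k) != client.get(k)]


# Constructed sample values, not taken from the manual.
GATEWAY = {"mode": "main", "id_type": "ip",
           "peer_range": ("10.1.1.1", "10.1.1.254"),
           "encapsulation": "tunnel", "protocol": "ESP",
           "auth_alg": "SHA", "enc_alg": "3DES"}
CLIENT = {"encapsulation": "tunnel", "protocol": "ESP",
          "auth_alg": "MD5", "enc_alg": "3DES"}

if __name__ == "__main__":
    for msg in check_gateway(GATEWAY, "10.1.1.25"):
        print("gateway:", msg)
    for key in check_consistency(GATEWAY, CLIENT):
        print("mismatch:", key, GATEWAY[key], "!=", CLIENT[key])
```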

Command reference

The following information provides an example for the L2TP IPsec VPN authentication configuration
commands on the VPN gateway. The commands can vary on your device.

[VPNgateway] radius scheme vpn

[VPNgateway-radius-vpn] primary authentication 192.168.20.105 1812

[VPNgateway-radius-vpn] primary accounting 192.168.20.105 1813

[VPNgateway-radius-vpn] key authentication hello

[VPNgateway-radius-vpn] key accounting hello

[VPNgateway-radius-vpn] server-type extended

[VPNgateway-radius-vpn] user-name-format with-domain

[VPNgateway-radius-vpn] quit

[VPNgateway] domain vpn

[VPNgateway-isp-vpn] authentication ppp radius-scheme vpn

[VPNgateway-isp-vpn] authorization ppp radius-scheme vpn