R3303-HP HSR6800 Routers Security Configuration Guide
292
Ste
p
Command
Remarks
7. Configure a name for the
local security gateway.
local-name name
Optional.
By default, no name is configured
for the local security gateway in
IKE peer view, and the security
gateway name configured by
using the ike local-name
command is used.
8. Specify the name of the
remote security gateway.
remote-name name
Optional.
The remote gateway name
configured with remote-name
command on the local gateway
must be identical to the local
name configured with the
local-name command on the
peer.
9. Configure an IP address for
the local gateway.
local-address [ ipv6 ] ip-address
Optional.
By default, it is the primary IP
address of the interface
referencing the security policy.
10. Specify the IP addresses of
the remote gateway.
remote-address [ ipv6 ] { hostname
[ dynamic ] | low-ip-address
[ high-ip-address ] }
Optional.
The remote IP address configured
with the remote-address
command on the local gateway
must be identical to the local IP
address configured with the
local-address command on the
peer.
11. Enable the NAT traversal
function for IPsec/IKE.
nat traversal
Optional.
Required when a NAT gateway is
present in the VPN tunnel
constructed by IPsec/IKE.
Disabled by default.
12. Set the subnet types of the
two ends.
• Set the subnet type of the local
end:
local { multi-subnet |
single-subnet }
• Set the subnet type of the peer
end:
peer { multi-subnet |
single-subnet }
Optional.
The default subnet type is
single-subnet.
Use these two commands only
when the device is working
together with a NetScreen
device.
13. Apply a DPD detector to the
IKE peer.
dpd dpd-name
Optional.
No DPD detector is applied to an
IKE peer by default.
For more information about DPD
configuration, see "Configuring a
DPD detector."