R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
i
Contents
GRE configuration ························································································································································ 1
GRE overview ···································································································································································· 1
GRE security options ················································································································································ 2
GRE applications ······················································································································································ 3
Protocols and standards ·········································································································································· 4
Configuring GRE in the web interface ···························································································································· 4
Configuration prerequisites ····································································································································· 4
Configuration task list ·············································································································································· 5
Creating a GRE tunnel ············································································································································· 5
GRE over IPv4 tunnel configuration example ········································································································ 6
Configuring GRE in the CLI ·············································································································································· 8
Configuring a GRE over IPv4 tunnel ······················································································································ 8
Displaying and maintaining GRE ························································································································ 10
GRE over IPv4 tunnel configuration example ····································································································· 10
IKE Configuration ······················································································································································· 14
IKE overview ··································································································································································· 14
Security mechanism of IKE ··································································································································· 14
IKE operation ························································································································································· 14
Functions of IKE in IPsec ······································································································································· 15
Relationship between IKE and IPsec ···················································································································· 16
Configuring IKE in the web interface ··························································································································· 16
Configuration task list ··········································································································································· 16
Configuring global IKE parameters ····················································································································· 17
Configuring an IKE proposal ······························································································································· 18
Configuring IKE DPD ············································································································································· 20
Configuring an IKE peer ······································································································································· 21
Viewing IKE SAs ···················································································································································· 23
IKE configuration example ··································································································································· 24
Configuring IKE in the CLI ············································································································································· 25
IKE configuration task list ······································································································································ 25
Configuring a name for the local security gateway ·························································································· 26
Configuring an IKE proposal ······························································································································· 26
Configuring an IKE peer ······································································································································· 27
Setting keepalive timers ········································································································································ 29
Setting the NAT keepalive timer ·························································································································· 30
Configuring a DPD detector ································································································································· 30
Disabling next payload field checking ··············································································································· 31
Displaying and maintaining IKE ·························································································································· 31
Main mode IKE with pre-shared key authentication configuration example ·················································· 31
Troubleshooting IKE ······················································································································································· 36
Invalid user ID ························································································································································ 36
Proposal mismatch ················································································································································ 36
Failing to establish an IPsec tunnel ······················································································································ 37
ACL configuration error ········································································································································ 37
IPsec configuration ····················································································································································· 38
IPsec overview ································································································································································ 38
IPsec operation ······················································································································································ 38
Basic concepts ······················································································································································· 39