R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

Enable NAT traversal. If there is a NAT gateway on the path for tunneling, you must configure NAT
traversal at the two ends of the IPsec tunnel, because one end may use a public address while the
other end uses a private address.
Specify the dead peer detection (DPD) detector for the IKE peer.
Follow these steps to configure an IKE peer:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create an IKE peer and enter IKE peer view | ike peer peer-name | Required |
| Specify the IKE negotiation mode for phase 1 | exchange-mode { aggressive \| main } | Optional. main by default |
| Specify the IKE proposals for the IKE peer to reference | proposal proposal-number&<1-6> | Optional. By default, an IKE peer references no IKE proposals, and, when initiating IKE negotiation, it uses the IKE proposals configured in system view. |
| Configure the pre-shared key for pre-shared key authentication | pre-shared-key [ cipher \| simple ] key | Required. Configure either command according to the authentication method for the IKE proposal |
| Configure the PKI domain for digital signature authentication | certificate domain domain-name | Required. Configure either command according to the authentication method for the IKE proposal |
| Select the ID type for IKE negotiation phase 1 | id-type { ip \| name } | Optional. ip by default |
| Configure the names of the two ends: specify a name for the local security gateway | local-name name | Optional. By default, no name is configured for the local security gateway in IKE peer view, and the security gateway name configured by using the ike local-name command is used. |

The remote gateway name configured with the remote-name command on the local gateway
must be identical to the local name configured with the local-name command on the peer.
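
The name-matching rule and the local-name fallback described above can be checked offline before a change is pushed to both gateways. The following is an added example, not part of the HP guide: the sample configurations, peer names and key placeholder are constructed, the `remote-name name` syntax is assumed to parallel `local-name name`, and applying the name check only when the sending end uses `id-type name` is an assumption.

```python
import re

def parse_ike(config):
    """Return (system-view ike local-name, {peer-name: {command: argument}})."""
    global_name, peers, current = None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ike local-name (\S+)", line):
            global_name, current = m.group(1), None
        elif m := re.fullmatch(r"ike peer (\S+)", line):
            current = peers.setdefault(m.group(1), {})
        elif current is not None and raw[:1].isspace():
            cmd, _, arg = line.partition(" ")
            if cmd == "certificate":  # "certificate domain domain-name"
                cmd, arg = "certificate domain", arg.partition(" ")[2]
            current[cmd] = arg
        else:
            current = None  # blank or unindented line: left IKE peer view
    return global_name, peers

def check_pair(cfg_a, peer_a, cfg_b, peer_b):
    """Compare the IKE peer on gateway A with its counterpart on gateway B."""
    (name_a, peers_a), (name_b, peers_b) = parse_ike(cfg_a), parse_ike(cfg_b)
    a, b, findings = peers_a[peer_a], peers_b[peer_b], []
    for side, here, there, there_global in (("A", a, b, name_b), ("B", b, a, name_a)):
        # Remarks column: one of the two authentication commands is required.
        if "pre-shared-key" not in here and "certificate domain" not in here:
            findings.append(f"{side}: no pre-shared-key or certificate domain")
        # local-name in IKE peer view wins; otherwise "ike local-name" applies.
        if there.get("id-type", "ip") == "name":
            expected = there.get("local-name", there_global)
            if here.get("remote-name") != expected:
                findings.append(f"{side}: remote-name {here.get('remote-name')!r} "
                                f"does not match peer local name {expected!r}")
    return findings

# Constructed sample configurations (names and key are placeholders).
GW_A = """ike local-name branch-gw
ike peer to-hq
 pre-shared-key cipher <redacted>
 id-type name
 remote-name hq-gw
"""
GW_B = """ike peer to-branch
 pre-shared-key cipher <redacted>
 id-type name
 local-name hq-gw
 remote-name branch
"""
```

Calling `check_pair(GW_A, "to-hq", GW_B, "to-branch")` reports that gateway B's remote-name does not match the name gateway A inherits from `ike local-name`.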