R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
42
Task Remarks
Configuring an IPsec policy
Required
Configure an IPsec policy by specifying the parameters directly or by
referencing a created IPsec policy template. The web interface supports
only IKE-dependent IPsec policies.
IMPORTANT:
An IKE-dependent IPsec policy created by referencing a template cannot
be used to initiate SA negotiation, but it can be used to respond to a
negotiation request. The parameters specified in the IPsec policy template
must match those of the remote end, while the parameters not defined in
the template are determined by the initiator.
Applying an IPsec policy group
Required
Apply an IPsec policy group to an interface (logical or physical) to
protect certain data flows.
An IPsec policy group is a collection of IPsec policies with the same
name but different sequence numbers. In an IPsec policy group, an IPsec
policy with a smaller sequence number has a higher priority.
Viewing IPsec SAs
Optional
View brief information about established IPsec SAs to verify your
configuration.
Viewing packet statistics
Optional
View packet statistics to verify your configuration.
Configuring an IPsec proposal
Select VPN > IPSec > Proposal from the navigation tree to display existing IPsec proposals, as shown
in Figure 25. T
hen, click Add to enter the IPsec proposal configuration wizard page, as shown in Figure
26.
Figure 25 IPsec prop
osal list
Figure 26 IPsec proposal configuration wizard page
The web interface provides two modes for configuring an IPsec proposal: suite mode and custom mode.
• Suite mode: This mode allows you to select a pre-defined encryption suite. Figure 27 sh
ows the
IPsec proposal configuration in suite mode.