R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

Verification
After the configuration, packets to be exchanged between subnet 10.1.1.0/24 and subnet 10.1.2.0/24
will trigger the negotiation of SAs by IKE. After IKE negotiation succeeds and the IPsec SAs are
established, traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 will be protected by IPsec.
IPsec VPN configuration wizard in the web interface
The IPsec VPN policy configuration wizard provides a way to configure IPsec VPNs easily.
IPsec VPN supports two networking modes: center-branch mode and peer-peer mode.
Center-branch mode applies to one-to-many networks as shown in Figure 38. A network in this
mode uses the aggressive mode for IKE negotiation and uses the security gateway name or IP
address as the ID type at the local end. The center node never initiates IPsec SA negotiation; the
branch nodes must take the responsibility.
Figure 38 Center-branch networking mode
Peer-peer mode applies to one-to-one networks as shown in Figure 39. A network in this mode uses
the main mode for IKE negotiation and can use only the ID type of IP address at the local end. Either
of the two peers can initiate IPsec SA negotiation.
Figure 39 Peer-peer networking mode
Launching the IPsec VPN policy configuration wizard
Select Wizard from the navigation tree to enter the Configuration Wizard page, and then click the IPSec
VPN Deployment hyperlink to enter the first page of the IPsec VPN policy configuration page, as shown
in Figure 40.