R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
57
Figure 42 IPsec VPN policy configuration wizard: 3/4 (center node)
4. Configure the items on the page. Table 17 describes the configuration items.
Table 17 Configuration items on a center node: 3/4
Item Descri
p
tion
Encryption Suite
Select the encryption suite for the IPsec proposal. An encryption suite specifies the IP
packet encapsulation mode, security protocol, and authentication and encryption
algorithms to be used. Options include:
• TUNNEL-ESP-SHA1-3DES—Uses the tunnel mode for IP packet encapsulation, ESP
for packet protection, SHA1 for authentication, and 3DES for encryption.
• TUNNEL-ESP-MD5-DES—Uses the tunnel mode for IP packet encapsulation, ESP for
packet protection, MD5 for authentication, and DES for encryption.
• TUNNEL-AH-MD5-ESP-DES—Uses the tunnel mode for IP packet encapsulation,
ESP and AH for packet protection, MD5 for AH authentication, and DES for ESP
encryption.
• TUNNEL-AH-MD5-ESP-3DES—Uses the tunnel mode for IP packet encapsulation,
ESP and AH for packet protection, MD5 for AH authentication, and 3DES for ESP
encryption.
Pre-Shared Key
Select the authentication method for IKE negotiation and specify the required
argument. Options include:
• Pre-Shared Key—Uses the pre-shared key authentication method.
• PKI Domain—Uses the RSA signature authentication method. Available PKI
domains are those configured by selecting VPN > PKI > Domain from the
navigation tree.
PKI Domain
Enable DPD
Select this check box to enable dead peer detection (DPD). If you enable DPD and the
name of the IPsec VPN is abc, the wizard will create a DPD named abc_dpd and
apply it to peer abc_peer.
5. Click Next to enter the next page, as shown in Figure 43.