R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
439
Ste
p
Command
Remarks
3. Specify the pre-shared key of
the VAM client.
pre-shared-key { cipher | simple }
key-string
Not specified by default
NOTE:
In a VPN domain, all the VAM clients and the VAM server must be configured with the same pre-shared
key.
Enabling VAM client
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable VAM client.
• (Approach 1) Enable VAM client for all VAM clients
or a specific VAM client:
vam client enable { all | name client-name }
• (Approach 2) Enable VAM client for a VAM client:
a. vam client name client-name
b. client enable
Use either approach.
Disabled by default.
Configuring an IPsec profile
An IPsec profile secures the transmission of data packets and control packets over a DVPN tunnel. It uses
the security protocol of ESP or AH and employs IKE for security policy negotiation.
Configuration prerequisites
Before you configure an IPsec profile, complete the following tasks:
• Configure the IPsec proposals for the IPsec profile to reference
• Configure the IKE peer for the IPsec profile to reference
For more information about IPsec and IKE, see "Configuring IPsec" and "Configuring IKE."
Configuration procedure
To configure an IPsec profile:
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Create an IPsec profile and
enter IPsec profile view.
ipsec profile profile-name
By default, no IPsec profile is
created.
3. Specify the IPsec proposals for
the IPsec profile to reference.
proposal proposal-name&<1-6>
By default, an IPsec profile
references no IPsec proposal.
4. Specify the IKE peer for the
IPsec profile to reference.
ike-peer peer-name
By default, an IPsec profile
references no IKE peer