3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IPsec Configuration
By default, no IPsec proposal is configured.
Specifying the encryption card to be used by a security proposal (applies only when an encryption card is involved)
When an encryption card is used, you must specify its slot number in card SA
proposal view. Each modular security gateway can accommodate up to two
encryption cards; each can be assigned to multiple encryption card security
proposals. In system view, use the ipsec card-proposal proposal-name command
to enter encryption card SA proposal view, and then specify the encryption card to
be used by a security proposal in this view.
By default, no encryption card is used in the card SA proposal.
Selecting packet encapsulation mode
You MUST specify the encapsulation mode in a security proposal. In addition, both
ends of a security tunnel MUST use the same encapsulation mode.
Perform the following configurations in IPsec proposal or card SA proposal view.
Tunnel mode is normally used between two security gateways (routers).
Transport mode, however, is preferred for communication between two hosts
or between a host and a security gateway.
By default, Tunnel mode is adopted.
Table 127 Configure an IPsec proposal

| Operation | Command |
|---|---|
| Create an IPsec proposal and access the IPsec proposal view (for IPsec module) | ipsec proposal proposal-name |
| Delete the IPsec proposal (for IPsec module) | undo ipsec proposal proposal-name |
| Create a card SA proposal and access its view (for encryption cards only) | ipsec card-proposal proposal-name |
| Delete the card SA proposal (for encryption card) | undo ipsec card-proposal proposal-name |

Table 128 Assign an encryption card to the card SA proposal

| Operation | Command |
|---|---|
| Enter the encryption card SA proposal view | ipsec card-proposal proposal-name |
| Assign an encryption card to the card SA proposal | use encrypt-card slot-id |
| Remove the configuration | undo use encrypt-card |

Table 129 Select a packet encapsulation mode

| Operation | Command |
|---|---|
| Set the IP datagram encapsulation mode adopted by the security protocol | encapsulation-mode { transport \| tunnel } |
| Restore the default encapsulation mode | undo encapsulation-mode |
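
The requirement above that both ends of a tunnel use the same encapsulation mode, and the defaults stated on this page (Tunnel mode; no encryption card in a card SA proposal), can be checked offline against saved configurations. The following is an added example, not part of the original guide or 3Com's software. It assumes a saved-configuration layout in which view commands are indented under the proposal line; the proposal names, the slot value 3 and the pairing of proposals are constructed for illustration.

```python
import re

DEFAULT_MODE = "tunnel"  # the page: "By default, Tunnel mode is adopted."

# Constructed sample configurations (not taken from a real device).
LOCAL_CFG = """#
ipsec proposal gw-a
 encapsulation-mode transport
#
ipsec card-proposal card-a
#
"""
PEER_CFG = """#
ipsec proposal gw-b
#
ipsec card-proposal card-b
 use encrypt-card 3
 encapsulation-mode tunnel
#
"""

def parse_proposals(text):
    """Map proposal name -> {'kind', 'mode', 'card'} with the page's defaults applied."""
    proposals, current = {}, None
    for raw in text.splitlines():
        line, in_view = raw.strip(), raw[:1].isspace()
        head = re.fullmatch(r"ipsec (proposal|card-proposal) (\S+)", line)
        if head and not in_view:
            current = {"kind": head.group(1), "mode": DEFAULT_MODE, "card": None}
            proposals[head.group(2)] = current
        elif not in_view:
            current = None  # an unindented line means we left the proposal view
        elif current is not None:
            if m := re.fullmatch(r"encapsulation-mode (transport|tunnel)", line):
                current["mode"] = m.group(1)
            elif m := re.fullmatch(r"use encrypt-card (\S+)", line):
                current["card"] = m.group(1)
    return proposals

def audit(local_text, peer_text, pairs):
    """pairs lists (local_name, peer_name) proposals that serve the same tunnel."""
    local, peer = parse_proposals(local_text), parse_proposals(peer_text)
    findings = []
    for side, props in (("local", local), ("peer", peer)):
        for name, p in props.items():
            if p["kind"] == "card-proposal" and p["card"] is None:
                findings.append(f"{side} {name}: no encryption card assigned")
    for lname, pname in pairs:
        a, b = local.get(lname), peer.get(pname)
        if a is None or b is None:
            findings.append(f"{lname}/{pname}: proposal missing on one end")
        elif a["mode"] != b["mode"]:
            findings.append(f"{lname}/{pname}: mode mismatch ({a['mode']} vs {b['mode']})")
    return findings
```

Calling audit(LOCAL_CFG, PEER_CFG, [("gw-a", "gw-b"), ("card-a", "card-b")]) reports the card SA proposal with no card assigned and the transport/tunnel mismatch that arises because gw-b silently takes the default mode.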