3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

IPsec Configuration
An IPsec policy references an IPsec proposal to specify the security protocol,
algorithms, and packet encapsulation mode. An IPsec proposal must be created
before it can be referenced.
Perform the following configurations in IPsec policy view.
When an SA is created manually, each IPsec policy can reference only one
IPsec proposal. If an IPsec proposal has already been referenced, it must be
removed before a new IPsec proposal can be configured. At both ends of a
security tunnel, the IPsec proposals referenced by the IPsec policy must use the
same security protocol, algorithms, and packet encapsulation mode.
3 Referencing an ACL in the IPsec policy
An IPsec policy references an ACL to specify, according to the rules in that
access control list, which packets need security protection and which do not.
Packets permitted by the ACL are protected, while packets denied by the ACL are
not protected.
Perform the following configuration in IPsec policy view.
One IPsec policy can reference only one access control list. If more than one
ACL has been referenced in the IPsec policy, only the one configured last is valid.
When an SA is set up through IKE (isakmp) negotiation, each IPsec policy can
reference up to six IPsec proposals. During IKE negotiation, the systems at the
two ends of the security tunnel look through the configured IPsec proposals for
a match. If no match is found, SA setup fails and the packets requiring
protection are dropped.
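The proposal rules above (one proposal per policy for a manual SA, up to six with IKE, and identical security protocol, algorithms and encapsulation mode at both ends) can be checked before deployment. The following is an added example, not part of the original guide or the switch software; the proposal names, algorithm values, and the rule of taking the first match in local order are assumptions made for illustration.

```python
from dataclasses import dataclass

# Per-policy proposal limits stated on this page.
MAX_PROPOSALS = {"manual": 1, "isakmp": 6}

@dataclass(frozen=True)
class Proposal:
    name: str
    protocol: str       # security protocol, e.g. "esp"
    algorithms: tuple   # e.g. ("sha1", "3des")
    encapsulation: str  # "tunnel" or "transport"

    def params(self):
        # The name is local to each device; only these settings must agree.
        return (self.protocol, self.algorithms, self.encapsulation)

def find_match(local, remote):
    """Return (local_name, remote_name) of the first matching pair, or None."""
    remote_by_params = {}
    for p in remote:
        remote_by_params.setdefault(p.params(), p.name)
    for p in local:  # assumption: local order decides which match is reported
        if p.params() in remote_by_params:
            return (p.name, remote_by_params[p.params()])
    return None

def check_tunnel(mode, local, remote):
    """List the problems that would stop the SA from being set up."""
    problems = []
    limit = MAX_PROPOSALS[mode]
    for side, props in (("local", local), ("remote", remote)):
        if not props:
            problems.append(f"{side}: no proposal referenced")
        elif len(props) > limit:
            problems.append(f"{side}: {len(props)} proposals, {mode} mode allows {limit}")
    if local and remote and find_match(local, remote) is None:
        problems.append("no common proposal: SA setup fails, protected traffic is dropped")
    return problems

# Constructed sample proposals (names and algorithm choices are illustrative).
HQ = [Proposal("p-aes", "esp", ("sha1", "aes"), "tunnel"),
      Proposal("p-3des", "esp", ("sha1", "3des"), "tunnel")]
BRANCH_OK = [Proposal("legacy", "esp", ("sha1", "3des"), "tunnel")]
BRANCH_BAD = [Proposal("legacy", "esp", ("sha1", "3des"), "transport")]

if __name__ == "__main__":
    for branch in (BRANCH_OK, BRANCH_BAD):
        print(find_match(HQ, branch), check_tunnel("isakmp", HQ, branch))
```

The second branch differs only in encapsulation mode, which is enough to leave the two ends without a common proposal.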
4 Referencing an IKE peer in the IPsec policy
In IKE negotiation mode, parameters such as the peer, SPI, and key are
obtained through negotiation, so you only need to associate the IPsec policy with
an IKE peer. The IKE peer must be established before it is referenced.
Perform the following configurations in IPsec policy view.
Table 139 Reference an IPsec proposal in the IPsec policy

Operation                                                  Command
Reference an IPsec proposal in the IPsec policy            proposal proposal-name1 [ proposal-name2... proposal-name6 ]
Remove the IPsec proposal referenced by the IPsec policy   undo proposal [ proposal-name ]

Table 140 Reference ACL in the IPsec policy

Operation                                                  Command
Reference an ACL in the IPsec policy                       security acl acl-number
Remove the ACL referenced by the IPsec policy              undo security acl