Manualshelf

3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
151152153154155156157158159160
160 CHAPTER 10: IPSEC CONFIGURATION
Configuring timers
Perform the following configuration in DPD structure view.
By default, the interval for triggering a DPD query is 10 seconds, and the time
waiting for a DPD acknowledgment is five seconds.
Specifying a DPD structure for an IKE peer
Perform the following configuration in IKE peer view.
Configuring IPsec Policy
Templ a te
Uncertain factors may exist in some networks, e.g., IP address allocated for a
dial-up mobile user is not fixed, so, the endpoint address of IPsec Tunnel and the
data flow to be protected cannot be decided. Such condition makes the
implement of IPsec difficult.
IPsec policy template can meet such requirement. It is a policy template that
specifies only part of parameters and adopts the settings of the initiator for the
rest of the parameters.
The configuration of IPsec policy template is similar to common IPsec policy: first,
you need create a policy template, then, template parameters can be specified.
Perform the following configuration in system view.
Using IPsec policy-template command, you will enter the IPsec policy template
view, in which you can specify the policy template related parameters.
n
The parameters configurable in an IPsec policy template are the same as those of
IPsec policy in isakmp mode, except that most are optional. Only IPsec proposal
and IKE peer (for an IKE peer, there is no need to configure the IP address for its
Tabl e 146 Configure timers
Operation Command
Configure the interval for triggering a DPD query interval_time seconds
Restore the default interval for triggering a DPD query undo interval_time
Configure the time waiting for a DPD acknowledgment time_out seconds
Restore the default time waiting for a DPD acknowledgment undo time_out
Tabl e 147 Specify a DPD structure for an IKE peer
Operation Command
Specify a DPD structure for the IKE peer dpd dpd-name
Remove the referenced DPD structure undo dpd
Tabl e 148 Configure IPsec policy template
Operation Command
Create/Modify IPsec policy template
ipsec policy-template template-name
seq-number
Delete an IPsec policy template
undo ipsec policy-template template-name
[ seq-number ]