Manualshelf

3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
161162163164165166167168169170
162 CHAPTER 10: IPSEC CONFIGURATION
By default, the system checks the next-payload field in the last payload of the IKE
negotiation packet during IPsec negotiation.
Configuring the
Encryption Card
(Optional)
The basic configurations of an encryption card are the same as those of IPsec; refer
to the previous sections.
The following are the optional configurations for the encryption card.
Entering encryption card interface view and enabling the card
When a security gateway is fitted with multiple encryption cards, you may use the
undo shutdown and shutdown commands to enable or disable them. The
undo shutdown command can reset and initialize an encryption card that is
disabled.
Before you can shut down/enable the encryption card in a specified slot, you must
use the interface encrypt command to enter the view of the encryption card.
Perform the following configuration in system view.
Perform the following configuration in encryption card interface view.
By default, all the fitted encryption cards are up.
Enabling IPsec module backup function
For the IPsec SA implemented by the encryption card, if the card is normal, IPsec is
processed by the card. If the card fails, backup function is enabled on the card and
the selected encryption/authentication algorithms for the SA are supported by the
IPsec module on Comware platform, IPsec shall be implemented by the IPsec
module on Comware platform. In the event that the selected algorithms are not
supported by the IPsec module, the system drops packets.
Perform the following configuration in system view.
Tabl e 151 Disable to check the next-payload field
Operation Command
Disable to check the next-payload field in the
last payload of the IKE negotiation packet
during IPsec negotiation
ike next-payload check disabled
Remove the default undo ike next-payload check disabled
Tabl e 152 Enter encryption card interface view
Operation Command
Enter encryption card interface view interface encrypt slot-id
Tabl e 153 Enable or shut down the encryption card
Operation Command
Turn up the encryption card undo shutdown
Shut down the encryption card shutdown