3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

171

172

173

174

175

176

177

178

179

180

174 CHAPTER 11: IKE CONFIGURATION

■ Configure subnet type of the IKE peer

4 Configure the parameters of Keepalive timer

■ Configure interval for Keepalive transmission

■ Configure timeout time for Keepalive

Setting a Name for the

Local Security GW

If the initiator uses the GW name in IKE negotiation (that is, id-type name is

used), you must configure the ike local-name command on the local device.

Perform the following configuration in system view.

Defining IKE Proposal Establishing IKE proposal

IKE proposal defines a set of attributes describing how IKE negotiation conducts

security communications. Configuring an IKE proposal includes the tasks of IKE

proposal creation, selection in encryption algorithm, authentication mode,

authentication algorithm, and Diffie-Hellman group ID, and SA lifetime duration

setting.

The user may create multiple IKE proposals on the basis of precedence, but the

negotiation parties should have at least one matched IKE proposal in order to

reach an agreement.

This configuration is used to define an IKE proposal. The IKE proposal configured is

used to establish the security channel.

Perform the following configuration in the system view.

Execute the ike proposal command to enter the IKE proposal view, where you

can configure the encryption algorithm, authentication algorithm, Diffie-Hellman

group ID, sa duration, and authentication method.

The parameter proposal-number is the IKE proposal number, ranging from 1 to

100. This parameter also stands for the priority. A smaller number stands for a

higher priority. You can create multiple IKE proposals for each side of the

negotiation. Both side in the negotiation matches the proposal from the one with

the highest priority. There must be at least one matched policy for successful

negotiation, that is, both side must have the same encryption and authentication

algorithm, some authentication method and Diffie-Hellman group ID.

Tabl e 166 Configure name of the local security GW

Operation Command

Configure name of the local security GW ike local name name

Restore the default name of the local security GW undo ike local id

Tabl e 167 Establish IKE proposal

Operation Command

Create IKE proposal ike proposal proposal-number

Delete IKE proposal undo ike proposal proposal-number