HP VPN Firewall Appliances VPN Configuration Guide
123
Ste
p
Command
Remarks
6. Select the ID type for IKE
negotiation phase 1.
id-type { ip | name | user-fqdn }
Optional.
By default, the ID type is IP.
7. Configure a name for the
local security gateway.
local-name name
Optional.
By default, no name is configured for
the local security gateway in IKE peer
view, and the security gateway name
configured by using the ike
local-name command is used.
8. Specify the name of the
remote security gateway.
remote-name name
Optional.
The remote gateway name
configured with remote-name
command on the local gateway must
be identical to the local name
configured with the local-name
command on the peer.
9. Configure an IP address for
the local gateway.
local-address ip-address
Optional.
By default, it is the primary IP address
of the interface referencing the
security policy.
10. Specify the IP addresses of
the remote gateway.
remote-address { hostname
[ dynamic ] | low-ip-address
[ high-ip-address ] }
Optional.
The remote IP address configured
with the remote-address command
on the local gateway must be
identical to the local IP address
configured with the local-address
command on the peer.
11. Enable the NAT traversal
function for IPsec/IKE.
nat traversal
Optional.
Required when a NAT gateway is
present in the VPN tunnel constructed
by IPsec/IKE.
Disabled by default.
12. Set the subnet types of the
two ends.
• Set the subnet type of the local
end:
local { multi-subnet |
single-subnet }
• Set the subnet type of the peer
end:
peer { multi-subnet |
single-subnet }
Optional.
The default subnet type is
single-subnet.
Use these two commands only when
the device is working together with a
NetScreen device.
13. Apply a DPD detector to the
IKE peer.
dpd dpd-name
Optional.
No DPD detector is applied to an IKE
peer by default.
For more information about DPD
configuration, see "Configuring a
DPD detector."