H3c-technologies H3C SecPath F1000-E Manual de usuario Pagina 141
- Pagina / 182
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
13
To do… Use the command… Remarks
Configure the
encryption key
(in characters)
sa string-key { inbound |
outbound } esp string-key
Configure the
encryption key
(in hexadecimal)
sa encryption-hex { inbound |
outbound } esp hex-key
Required
Use either command
The system can automatically
generate both the authentication key
and the encryption key at the time
for configuring encryption key in
character string.
NOTE:
• An IPsec policy can reference only one ACL. If you apply multiple ACLs to an IPsec policy, only the last
one takes effect.
• For manual SAs, an IPsec policy can reference only one IPsec proposal. To change an IPsec proposal
for
an IPsec policy, you must remove the proposal reference first.
• When configuring SAs for a system, you must configure the parameters for both the inbound and
outbound SAs. Additionally, different SAs must have different SPIs
and the inbound or outbound SPIs a
t
one end must be different.
• If you configure a key in two modes: string and hexadecimal, only the last configured one will be used.
• You cannot change the creation mode of an IPsec policy from manual to through IKE, or vise versa. To
create an IPsec policy usin
g
IKE, delete the manual IPsec policy, and then use IKE to confi
g
ure an IPsec
policy.
Configuring an IPsec policy using IKE
You can configure an IPsec policy using IKE in two ways:
• Directly configuring it by configuring the parameters in IPsec policy view.
• Configuring it by referencing an existing IPsec policy template with the parameters to be negotiated
configured. A device referencing an IPsec policy that is configured in this way cannot initiate SA
negotiation but can respond to a negotiation request. The parameters not defined in the template
will be determined by the initiator, and therefore this approach applies to scenarios where the
remote end's information is unknown, such as the IP address.
1. Configuration prerequisites
Configure the ACLs and IKE peer for the IPsec policy to reference. For IKE configuration, refer to
Configuring an IKE Peer.
Note that the parameters for the local and remote ends must match.
2. Configuration procedure
• Directly configure an IPsec policy using IKE
Following these steps to directly configure an IPsec policy using IKE:
To do… Use the command… Remark
Enter system view system-view —
Create an IPsec policy and enter its
view
ipsec policy policy-name
seq-number isakmp
Required
By default, no IPsec policy exists.
- Table of Contents 1
- Portal Configuration 2
- Portal System Components 3
- Portal Authentication Modes 4
- Configuration Prerequisites 8
- RADIUS Configuration 12
- Firewall Web 12
- Configuration Manual 12
- Portal Packets 13
- 2. Probe parameters 15
- Logging Off Portal Users 17
- Step2 Configure Device 21
- DHCP Configuration 24
- Functions 27
- Information Synchronization 34
- Configuration considerations 35
- Troubleshooting Portal 42
- ALG Configuration 45
- 2. Authenticating the user 46
- Enabling ALG 47
- ALG Configuration Examples 47
- # Enable ALG for NBT 50
- # Configure NAT 50
- RSH Configuration 52
- RSH Configuration Example 53
- SSH2.0 Configuration 57
- Version negotiation 58
- Authentication 58
- Session request 59
- Interaction 59
- SSH Connection Across VPNs 60
- Public Key Commands 61
- Security Volume 61
- Interface Commands 62
- System Volume 62
- Configuring an SSH User 63
- SFTP Service 80
- Working with SFTP Files 83
- Displaying Help Information 84
- SSL Configuration 91
- SSL Configuration Task List 92
- Configuration Procedure 93
- Troubleshooting SSL 97
- Web Filtering Configuration 100
- Java Blocking 101
- ActiveX Blocking 101
- Configuring Web Filtering 102
- Network requirements 103
- Configuration procedure 104
- Invalid Use of Wildcard 107
- Invalid Blocking Suffix 107
- Public Key Configuration 109
- Connection Limit Overview 118
- Verification 121
- Symptom 121
- Analysis 121
- Solution 122
- Contents 123
- Firewall configuration 124
- IPsec Configuration 129
- Implementation of IPsec 130
- Basic Concepts of IPsec 130
- Encapsulation modes 131
- IPsec Tunnel Interface 132
- Configuring IPsec 134
- Implementing ACL-Based IPsec 135
- Mirror image ACLs 137
- Protection modes 138
- Configuring an IPsec Policy 139
- NOTE: 143
- Configuring an IPsec Profile 148
- Tunneling Commands 150
- IP Services Volume 150
- IPsec Configuration Examples 152
- 2. Configure Device B 153
- Configuation procedure 157
- 3. Configure Device C 162
- IKE Configuration 165
- Operation of IKE 166
- IKE Configuration Task List 167
- Gateway 168
- Configuring an IKE Proposal 168
- Configuring an IKE Peer 169
- Setting Keepalive Timers 171
- Configuring a DPD 172
- IKE Configuration Examples 173
- Traversal 175
- Troubleshooting IKE 180
- Proposal Mismatch 181
- ACL Configuration Error 181
Relacionado con productos y manuales para La Seguridad H3c-technologies H3C SecPath F1000-E
(95 paginas)
(17 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.125 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales