H3C Technologies H3C SecPath F1000-E User Manual

Page 244


Figure 144 IPsec VPN policy configuration wizard: 3/4 (peer node)

5. Configure the parameters as described in Table 21.

Table 21 Configuration items

Item: Source IP Address/Wildcard, Destination IP Address/Wildcard, Protocol Type
Description: Specify the traffic to be protected by giving the source IP address and wildcard, destination IP address and wildcard, and the protocol type.
IMPORTANT: Based on these configurations, the wizard will create an advanced ACL that permits packets matching these criteria and apply this ACL to the IPsec policy. The ACL number will be the smallest available number in the range of 3000 to 3999. If there is no number available for the ACL, the wizard will notify you that the IPsec VPN policy configuration fails.

Item: Encryption Suite
Description: Select the encryption suite for the IPsec proposal. An encryption suite specifies the IP packet encapsulation mode, security protocol, and authentication and encryption algorithms to be used.
Options include:
- TUNNEL-ESP-SHA1-3DES: Uses the tunnel mode for IP packet encapsulation, ESP for packet protection, SHA1 for authentication, and 3DES for encryption.
- TUNNEL-ESP-MD5-DES: Uses the tunnel mode for IP packet encapsulation, ESP for packet protection, MD5 for authentication, and DES for encryption.
- TUNNEL-AH-MD5-ESP-DES: Uses the tunnel mode for IP packet encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and DES for ESP encryption.
- TUNNEL-AH-MD5-ESP-3DES: Uses the tunnel mode for IP packet encapsulation, ESP and AH for packet protection, MD5 for AH authentication, and 3DES for ESP encryption.
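
The traffic selection and ACL numbering described in Table 21 can be checked offline before running the wizard. The following Python sketch is an added example, not code from the H3C manual or the device: it models which packets a source/destination/protocol entry would select for IPsec protection and which ACL number would be chosen. The function names, the sample addresses, the wildcard bit semantics (1 = ignore the bit) and the meaning of protocol type "ip" (any IP protocol) are assumptions.

```python
import ipaddress

ACL_RANGE = range(3000, 4000)  # advanced ACL numbers 3000 to 3999 (Table 21)

def next_acl_number(in_use):
    """Smallest unused number in 3000-3999, or None when the range is full
    (the case in which the wizard reports that configuration fails)."""
    used = set(in_use)
    return next((n for n in ACL_RANGE if n not in used), None)

def wildcard_match(addr, base, wildcard):
    """Assumed wildcard semantics: a 1 bit means 'ignore this bit',
    a 0 bit means the packet address must equal the base address."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def is_protected(rule, pkt):
    """True when the packet matches the permit rule, i.e. IPsec protects it."""
    # Assumption: protocol type "ip" stands for any IP protocol.
    proto_ok = rule["protocol"] in ("ip", pkt["protocol"])
    return (proto_ok
            and wildcard_match(pkt["src"], rule["src"], rule["src_wc"])
            and wildcard_match(pkt["dst"], rule["dst"], rule["dst_wc"]))

# Constructed sample values, not taken from the manual.
RULE = {"src": "10.1.1.0", "src_wc": "0.0.0.255",
        "dst": "10.2.2.0", "dst_wc": "0.0.0.255", "protocol": "tcp"}
PACKETS = [
    {"src": "10.1.1.7", "dst": "10.2.2.9", "protocol": "tcp"},   # inside both ranges
    {"src": "10.1.2.7", "dst": "10.2.2.9", "protocol": "tcp"},   # source outside range
    {"src": "10.1.1.7", "dst": "10.2.2.9", "protocol": "udp"},   # protocol differs
]

if __name__ == "__main__":
    print("ACL number:", next_acl_number([3000, 3001, 3003]))
    for p in PACKETS:
        state = "protected" if is_protected(RULE, p) else "NOT matched by the ACL"
        print(p["src"], "->", p["dst"], p["protocol"], state)
```

Packets that the entry does not match are not selected by the ACL the wizard applies to the IPsec policy, so a wildcard or protocol type that is too narrow leaves that traffic outside the tunnel.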
