H3c-technologies H3C SecPath F1000-E Bedienungsanleitung Seite 168
- Seite / 182
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
4
• Determine the strength of the algorithms for IKE negotiation, namely the security protection level,
including the identity authentication method, encryption algorithm, authentication algorithm, and
DH group. Different algorithms provide different levels of protection. A stronger algorithm means
more resistant to decryption of protected data but requires more resources. Generally, the longer
the key, the stronger the algorithm.
• Determine the pre-shared key or the PKI domain the certificate belongs to. For PKI configuration,
refer to PKI in the Firewall WEB.
Complete the following tasks to configure IKE:
Task Remarks
Configuring a Name for the Local Security Gateway Optional
Configuring an IKE Proposal
Optional
Required if you want to specify an IKE
proposal for an IKE peer to reference.
Configuring an IKE Peer Required
Setting Keepalive Timers Optional
Setting the NAT Keepalive Timer Optional
Configuring a DPD Optional
Disabling Next Payload Field Checking Optional
Configuring a Name for the Local Security
Gateway
If the IKE negotiation initiator uses the gateway name as its identification for IKE negotiation (that is, the
id-type name command is configured on the initiator), you must configure a name for the local security
gateway by using the ike local-name command in system view or local-name command in IKE peer view.
If you perform the configuration in both views, the name configured in IKE peer view is used.
Following these steps to configure a name for the local security gateway:
To do… Use the command… Remarks
Enter system view system-view —
Configure a name for the local
security gateway
ike local-name name
Optional
By default, the device name is used
as the name of the local security
gateway.
Configuring an IKE Proposal
An IKE proposal defines a set of attributes describing how IKE negotiation should take place. You may
create multiple IKE proposals with different preferences. The preference of an IKE proposal is represented
by its sequence number, and the lower the sequence number, the higher the preference.
Two peers must have at least one matching IKE proposal for successful IKE negotiation. During IKE
negotiation, the initiator sends its IKE proposals to the peer, and the peer searches its own IKE proposals
- Table of Contents 1
- Portal Configuration 2
- Portal System Components 3
- Portal Authentication Modes 4
- Configuration Prerequisites 8
- RADIUS Configuration 12
- Firewall Web 12
- Configuration Manual 12
- Portal Packets 13
- 2. Probe parameters 15
- Logging Off Portal Users 17
- Step2 Configure Device 21
- DHCP Configuration 24
- Functions 27
- Information Synchronization 34
- Configuration considerations 35
- Troubleshooting Portal 42
- ALG Configuration 45
- 2. Authenticating the user 46
- Enabling ALG 47
- ALG Configuration Examples 47
- # Enable ALG for NBT 50
- # Configure NAT 50
- RSH Configuration 52
- RSH Configuration Example 53
- SSH2.0 Configuration 57
- Version negotiation 58
- Authentication 58
- Session request 59
- Interaction 59
- SSH Connection Across VPNs 60
- Public Key Commands 61
- Security Volume 61
- Interface Commands 62
- System Volume 62
- Configuring an SSH User 63
- SFTP Service 80
- Working with SFTP Files 83
- Displaying Help Information 84
- SSL Configuration 91
- SSL Configuration Task List 92
- Configuration Procedure 93
- Troubleshooting SSL 97
- Web Filtering Configuration 100
- Java Blocking 101
- ActiveX Blocking 101
- Configuring Web Filtering 102
- Network requirements 103
- Configuration procedure 104
- Invalid Use of Wildcard 107
- Invalid Blocking Suffix 107
- Public Key Configuration 109
- Connection Limit Overview 118
- Verification 121
- Symptom 121
- Analysis 121
- Solution 122
- Contents 123
- Firewall configuration 124
- IPsec Configuration 129
- Implementation of IPsec 130
- Basic Concepts of IPsec 130
- Encapsulation modes 131
- IPsec Tunnel Interface 132
- Configuring IPsec 134
- Implementing ACL-Based IPsec 135
- Mirror image ACLs 137
- Protection modes 138
- Configuring an IPsec Policy 139
- NOTE: 143
- Configuring an IPsec Profile 148
- Tunneling Commands 150
- IP Services Volume 150
- IPsec Configuration Examples 152
- 2. Configure Device B 153
- Configuation procedure 157
- 3. Configure Device C 162
- IKE Configuration 165
- Operation of IKE 166
- IKE Configuration Task List 167
- Gateway 168
- Configuring an IKE Proposal 168
- Configuring an IKE Peer 169
- Setting Keepalive Timers 171
- Configuring a DPD 172
- IKE Configuration Examples 173
- Traversal 175
- Troubleshooting IKE 180
- Proposal Mismatch 181
- ACL Configuration Error 181
Verwandte Produkte und Handbücher für Sicherheit H3c-technologies H3C SecPath F1000-E
(95 Seiten)
(17 Seiten)© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.043 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern