To Next Page

To Previous Page

Configuring a manual IPsec profile ··················································································································· 238

Configuring SNMP notifications for IPsec ················································································································· 240

Displaying and maintaining IPsec ······························································································································ 240

IPsec configuration examples······································································································································ 241

Configuring a manual mode IPsec tunnel for IPv4 packets ············································································ 241

Configuring an IKE-based IPsec tunnel for IPv4 packets ················································································· 243

Configuring IPsec for RIPng ································································································································ 246

Configuring IKE ······················································································································································· 250

Overview ······································································································································································· 250

IKE negotiation process ······································································································································ 250

IKE security mechanism ······································································································································· 251

Protocols and standards ····································································································································· 252

FIPS compliance ··························································································································································· 252

IKE configuration prerequisites ··································································································································· 252

IKE configuration task list ············································································································································ 252

Configuring an IKE profile ·········································································································································· 253

Configuring an IKE proposal ······································································································································ 255

Configuring an IKE keychain ······································································································································ 256

Configuring the global identity information ·············································································································· 257

Configuring the IKE keepalive function ······················································································································ 258

Configuring the IKE NAT keepalive function ············································································································ 259

Configuring IKE DPD···················································································································································· 259

Enabling invalid SPI recovery ····································································································································· 260

Setting the maximum number of IKE SAs ··················································································································· 260

Configuring SNMP notifications for IKE ···················································································································· 261

Displaying and maintaining IKE ································································································································· 261

IKE configuration examples ········································································································································ 262

Main mode IKE with pre-shared key authentication configuration example ················································ 262

Verifying the configuration ································································································································· 264

Troubleshooting IKE ····················································································································································· 264

IKE negotiation failed because no matching IKE proposals were found ······················································· 264

IKE negotiation failed because no IKE proposals or IKE keychains are referenced correctly····················· 265

IPsec SA negotiation failed because no matching IPsec transform sets were found ···································· 266

IPsec SA negotiation failed due to invalid identity information ······································································ 266

Configuring SSH ····················································································································································· 269

How SSH works ··················································································································································· 269

SSH authentication methods ······························································································································· 270

Configuring the device as an SSH server ·················································································································· 272

SSH server configuration task list ······················································································································ 272

Generating local key pairs ································································································································· 272

Enabling the SSH server function ······················································································································· 273

Enabling the SFTP server function ······················································································································ 274

Configuring NETCONF over SSH ····················································································································· 274

Configuring the user lines for SSH login ··········································································································· 274

Configuring a client's host public key ··············································································································· 275

Configuring an SSH user ···································································································································· 276

Setting the SSH management parameters ········································································································ 277

Configuring the device as an Stelnet client ··············································································································· 278

Stelnet client configuration task list ···················································································································· 278

Specifying the source IP address for SSH packets ··························································································· 279

Establishing a connection to an Stelnet server ································································································· 279