vi
Failed to set the storage path ····························································································· 258
Configuring IPsec ········································································· 259
Overview ······························································································································ 259
Security protocols and encapsulation modes ········································································· 260
Security association ········································································································· 261
Authentication and encryption ···························································································· 262
IPsec implementation ······································································································· 262
Protocols and standards ··································································································· 263
FIPS compliance···················································································································· 263
IPsec tunnel establishment ······································································································ 263
Implementing ACL-based IPsec ································································································ 264
Feature restrictions and guidelines ······················································································ 264
ACL-based IPsec configuration task list················································································ 264
Configuring an ACL ········································································································· 265
Configuring an IPsec transform set ····················································································· 265
Configuring a manual IPsec policy ······················································································ 267
Configuring an IKE-based IPsec policy················································································· 269
Applying an IPsec policy to an interface ··············································································· 273
Enabling ACL checking for de-encapsulated packets ······························································ 273
Configuring IPsec anti-replay ····························································································· 274
Configuring IPsec anti-replay redundancy ············································································· 274
Binding a source interface to an IPsec policy ········································································· 275
Enabling QoS pre-classify ································································································· 276
Enabling logging of IPsec packets ······················································································· 276
Configuring the DF bit of IPsec packets ················································································ 276
Configuring IPsec for IPv6 routing protocols ················································································ 277
Configuration task list ······································································································· 277
Configuring a manual IPsec profile ······················································································ 278
Configuring SNMP notifications for IPsec ···················································································· 279
Displaying and maintaining IPsec ······························································································ 280
IPsec configuration examples ··································································································· 280
Configuring a manual mode IPsec tunnel for IPv4 packets ······················································· 280
Configuring an IKE-based IPsec tunnel for IPv4 packets ·························································· 283
Configuring IPsec for RIPng ······························································································ 285
Configuring IKE ··········································································· 290
Overview ······························································································································ 290
IKE negotiation process ···································································································· 290
IKE security mechanism ··································································································· 291
Protocols and standards ··································································································· 292
FIPS compliance···················································································································· 292
IKE configuration prerequisites ································································································· 292
IKE configuration task list ········································································································· 292
Configuring an IKE profile ········································································································ 293
Configuring an IKE proposal ····································································································· 295
Configuring an IKE keychain ···································································································· 296
Configuring the global identity information ··················································································· 297
Configuring the IKE keepalive feature ························································································· 298
Configuring the IKE NAT keepalive feature ·················································································· 298
Configuring IKE DPD ·············································································································· 298
Enabling invalid SPI recovery ··································································································· 299
Setting the maximum number of IKE SAs ···················································································· 300
Configuring SNMP notifications for IKE ······················································································· 300
Displaying and maintaining IKE ································································································· 301
IKE configuration examples ······································································································ 301
Main mode IKE with pre-shared key authentication configuration example ··································· 301
Verifying the configuration ································································································· 304
Troubleshooting IKE ··············································································································· 304
IKE negotiation failed because no matching IKE proposals were found ······································· 304
IKE negotiation failed because no IKE proposals or IKE keychains are specified correctly ·············· 304
IPsec SA negotiation failed because no matching IPsec transform sets were found ······················· 305
To Next Page
Loading...
Need help?
General