v
Troubleshooting port security ························································································································· 147
Cannot set the port security mode ········································································································· 147
Cannot configure secure MAC addresses ····························································································· 147
Cannot change port security mode when a user is online ····································································· 148
Configuring IPsec ························································································ 149
Overview ························································································································································ 149
Basic concepts ······································································································································· 149
IPsec implementation on an encryption card ························································································· 151
IPsec tunnel interface ····························································································································· 152
IPsec for IPv6 routing protocols ············································································································· 153
IPsec RRI ··············································································································································· 153
Protocols and standards ························································································································ 154
FIPS compliance ············································································································································ 154
Implementing IPsec ······································································································································· 154
Implementing ACL-based IPsec ···················································································································· 155
Configuring an ACL ································································································································ 156
Configuring an IPsec transform set ········································································································ 158
Configuring an IPsec policy ···················································································································· 160
Applying an IPsec policy group to an interface ······················································································ 165
Binding an IPsec policy, IPsec policy group, or IPsec profile to an encryption card ······························ 166
Enabling the encryption engine ·············································································································· 167
Enabling the IPsec module backup function ·························································································· 167
Configuring the IPsec session idle timeout ···························································································· 168
Enabling ACL checking of de-encapsulated IPsec packets ··································································· 168
Configuring the IPsec anti-replay function ····························································································· 168
Configuring a shared source interface policy group ··············································································· 169
Configuring packet information pre-extraction ······················································································· 170
Enabling invalid SPI recovery ················································································································ 170
Configuring IPsec RRI ···························································································································· 171
Enabling transparent data transmission without NAT ············································································ 172
Enabling fragmentation before/after encryption ····················································································· 172
Implementing tunnel interface-based IPsec ··································································································· 173
Configuring an IPsec profile ··················································································································· 174
Configuring an IPsec tunnel interface ···································································································· 175
Enabling packet information pre-extraction on the IPsec tunnel interface ············································· 176
Applying a QoS policy to an IPsec tunnel interface ··············································································· 177
Configuring IPsec for IPv6 routing protocols ·································································································· 177
Displaying and maintaining IPsec ·················································································································· 178
IPsec configuration examples ························································································································ 179
Configuring manual mode IPsec tunnel ································································································· 179
Configuring IKE-based IPsec tunnel ······································································································ 181
Configuring encryption cards for IPsec services ···················································································· 183
Configuring IPsec interface backup ······································································································· 185
Configuring IPsec with IPsec tunnel interfaces ······················································································ 189
Configuring IPsec for RIPng ··················································································································· 193
Configuring IPsec RRI ···························································································································· 196
Configuring IKE ··························································································· 200
Overview ························································································································································ 200
IKE security mechanism ························································································································· 200
IKE operation ········································································································································· 200
IKE functions ·········································································································································· 201
Relationship between IKE and IPsec ····································································································· 202
Protocols and standards ························································································································ 202
FIPS compliance ············································································································································ 202
IKE configuration task list ······························································································································· 203
Configuring a name for the local security gateway ························································································ 203
Configuring an IKE proposal ·························································································································· 204
Configuring an IKE peer ································································································································· 205
Setting keepalive timers ································································································································· 207
Setting the NAT keepalive timer ···················································································································· 207
To Next Page
Loading...
