12.8 Configuration Examples...............................................................................................................................251
12.8.1 Example for Configuring Manual Certificate Enrollment...................................................................251
12.8.2 Example for Configuring PKI in IPSec...............................................................................................254
13 Keychain Configuration.........................................................................................................263
13.1 Introduction to Keychain..............................................................................................................................264
13.2 Keychain Features Supported by the AR1200-S..........................................................................................264
13.3 Configuring Basic Keychain Functions........................................................................................................265
13.3.1 Establishing the Configuration Task...................................................................................................265
13.3.2 Creating a Keychain............................................................................................................................266
13.3.3 Configuring Receive Tolerance of a Keychain...................................................................................266
13.3.4 Configuring a key-id in a Keychain....................................................................................................267
13.3.5 Configuring key-string of a key-id......................................................................................................267
13.3.6 Configuring Authentication Algorithm of a key-id.............................................................................268
13.3.7 Configuring a key-id as the Default send-key-id.................................................................................268
13.3.8 Configuring send-time of a key-id.......................................................................................................269
13.3.9 Configuring receive-time of a key-id..................................................................................................271
13.3.10 Checking the Configuration...............................................................................................................273
13.4 Configuring TCP Authentication parameters...............................................................................................274
13.4.1 Establishing the Configuration Task...................................................................................................274
13.4.2 Configuring TCP Kind of a Keychain.................................................................................................275
13.4.3 Configuring TCP Algorithm-id in a Keychain....................................................................................275
13.4.4 Checking the Configuration.................................................................................................................275
13.5 Configuration Examples...............................................................................................................................277
13.5.1 Example for Configuring Keychain Authentication for Non-TCP Application..................................277
14 Configuration of Attack Defense and Application Layer Association.........................280
14.1 Overview to Attack Defense and Application Layer Association................................................................281
14.1.1 Overview of Attack Defense and Application Layer Association.......................................................281
14.1.2 Attack Defense and Application Layer Association Supported by AR1200-S...................................282
14.2 Configuring Abnormal Packet Attack Defense............................................................................................283
14.2.1 Establishing the Configuration Task...................................................................................................283
14.2.2 Enabling Defense Against Abnormal Packet Attacks.........................................................................284
14.2.3 Checking the Configuration.................................................................................................................284
14.3 Configuring Fragmented Packet Attack Defense.........................................................................................285
14.3.1 Establishing the Configuration Task...................................................................................................285
14.3.2 Configuring Defense Against Packet Fragment Attacks.....................................................................285
14.3.3 Checking the Configuration.................................................................................................................286
14.4 Configuring Flood Attack Defense...............................................................................................................286
14.4.1 Establishing the Configuration Task...................................................................................................287
14.4.2 Configuring Defense Against SYN Flood Attacks..............................................................................287
14.4.3 Configuring Defense Against UDP Flood Attacks..............................................................................288
14.4.4 Configuring Defense Against ICMP Flood Attacks............................................................................288
14.4.5 Checking the Configuration.................................................................................................................289
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security Contents
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
xii
To Next Page
Loading...
