EasyManuals Logo
Home>HP>Switch>3600 v2 Series

HP 3600 v2 Series Configuration Guide

HP 3600 v2 Series
449 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #307 background imageLoading...
Page #307 background image
294
Task Remarks
Configuring an IKE proposal
Optional.
Required if you want to specify an IKE proposal for
an IKE peer to reference.
Configuring an IKE peer Required.
Setting keepalive timers Optional.
Setting the NAT keepalive timer Optional.
Configuring a DPD detector Optional.
Disabling next payload field checking Optional.
Configuring a name for the local security gateway
If the IKE negotiation peer uses the security gateway name as its ID to initiate IKE negotiation (the id-type
name or id-type user-fqdn command is configured on the initiator), configure the ike local-name
command in system view or the local-name command in IKE peer view on the local device. If you
configure both commands, the name configured in IKE peer view is used.
To configure a name for the local security gateway:
Ste
p
Command
Remarks
1. Enter system view. system-view N/A
2. Configure a name
for the local security
gateway.
ike local-name name
Optional.
By default, the device name is used as the
name of the local security gateway.
Configuring an IKE proposal
An IKE proposal defines a set of attributes describing how IKE negotiation should take place. You may
create multiple IKE proposals with different preferences. The preference of an IKE proposal is represented
by its sequence number, and the lower the sequence number, the higher the preference.
Two peers must have at least one matching IKE proposal for successful IKE negotiation. During IKE
negotiation, the initiator sends its IKE proposals to the peer, and the peer searches its own IKE proposals
for a match. The search starts from the one with the lowest sequence number and proceeds in the
ascending order of sequence number until a match is found or all the IKE proposals are found
mismatching. The matching IKE proposals will be used to establish the secure tunnel.
Two matching IKE proposals have the same encryption algorithm, authentication method, authentication
algorithm, and DH group. The SA lifetime will take the smaller one of the settings on the two sides.
By default, there is an IKE proposal, which has the lowest preference and uses the default encryption
algorithm, authentication method, authentication algorithm, DH group, and ISAKMP SA lifetime.
To configure an IKE proposal:

Table of Contents

Other manuals for HP 3600 v2 Series

Preview: Command Reference
Command Reference479 pages
Preview: Installation Guide
Installation Guide62 pages
Preview: Security Configuration Guide
Security Configuration Guide398 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual51 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3600 v2 Series and is the answer not in the manual?

HP 3600 v2 Series Specifications

General IconGeneral
BrandHP
Model3600 v2 Series
CategorySwitch
LanguageEnglish

Related product manuals