Item: Encapsulation Mode
Description: Select the IP packet encapsulation mode. Options include:
• Tunnel—Uses the tunnel mode.
• Transport—Uses the transport mode.

Item: PFS
Description: Enable and configure the Perfect Forward Secrecy (PFS) feature, or disable the feature. Options include:
• None—Disables PFS.
• Diffie-Hellman Group1—Enables PFS and uses the 768-bit Diffie-Hellman group.
• Diffie-Hellman Group2—Enables PFS and uses the 1024-bit Diffie-Hellman group.
• Diffie-Hellman Group5—Enables PFS and uses the 1536-bit Diffie-Hellman group.
• Diffie-Hellman Group14—Enables PFS and uses the 2048-bit Diffie-Hellman group.
IMPORTANT:
• DH Group14, DH Group5, DH Group2, and DH Group1 are in descending order of security and computation time.
• When an IPsec connection configured with PFS initiates negotiation, an additional key exchange is performed in phase 2 for higher security.
• Both peers must use the same Diffie-Hellman group. Otherwise, negotiation fails.

Item: SA Lifetime
Description: Enter the IPsec SA lifetime, which can be time-based or traffic-based.
IMPORTANT:
When negotiating to set up IPsec SAs, IKE uses the smaller of the lifetime set locally and the lifetime proposed by the peer.

Item: DPD
Description: Enables or disables IKE DPD.
DPD detects dead IKE peers on demand rather than at fixed intervals. When the local end sends an IPsec packet, DPD checks the time at which the last IPsec packet was received from the peer. If the elapsed time exceeds the DPD interval, it sends a DPD hello to the peer. If the local end receives no DPD acknowledgement within the DPD packet retransmission interval, it retransmits the DPD hello. If the local end still receives no DPD acknowledgement after making the maximum number of retransmission attempts (two by default), it considers the peer dead and clears the IKE SA and the IPsec SAs based on that IKE SA.

Item: DPD Query Triggering Interval
Description: Enter the interval after which DPD is triggered if no IPsec-protected packet is received from the peer.

Item: DPD Packet Retransmission Interval
Description: Enter the interval after which the DPD packet is retransmitted if no DPD response is received.
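The DPD behaviour described under the DPD item above, as an added example that is not part of the manual or the device firmware: a small Python model that replays a constructed event timeline and shows when a silent peer is declared dead and its SAs cleared. The names DpdState and simulate, and the two sample timelines, are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

@dataclass
class DpdState:
    trigger_interval: int        # DPD query triggering interval, in seconds
    retransmit_interval: int     # DPD packet retransmission interval, in seconds
    max_retries: int = 2         # retransmission attempts; 2 is the default on the page
    last_rx: int = 0             # time the last IPsec packet arrived from the peer
    hello_sent: Optional[int] = None   # time of the outstanding DPD hello, if any
    retries: int = 0
    dead_at: Optional[int] = None      # time the peer was declared dead
    hellos: List[int] = field(default_factory=list)   # times hellos were sent

def simulate(state: DpdState, events: Dict[int, str], end: int) -> DpdState:
    """Advance the clock one second at a time over a constructed event timeline.
    events maps time -> 'send' (local end sends an IPsec packet),
    'recv' (IPsec packet received from the peer) or 'ack' (DPD ack received)."""
    for now in range(end + 1):
        if state.dead_at is not None:
            break                # SAs are already cleared; nothing more to do
        ev = events.get(now)
        if ev in ("recv", "ack"):
            # Any traffic from the peer proves it is alive: cancel the probe.
            state.last_rx, state.hello_sent, state.retries = now, None, 0
            continue
        waiting = state.hello_sent is not None
        if waiting and now - state.hello_sent >= state.retransmit_interval:
            if state.retries < state.max_retries:
                state.retries += 1           # no ack in time: retransmit the hello
                state.hello_sent = now
                state.hellos.append(now)
            else:
                state.dead_at = now          # max retries exhausted: peer is dead
        elif ev == "send" and not waiting and now - state.last_rx > state.trigger_interval:
            state.hello_sent = now           # outbound traffic triggers the DPD check
            state.hellos.append(now)
    return state

def silent_peer() -> DpdState:
    # Constructed timeline: peer sends one packet at t=0, then goes silent.
    return simulate(DpdState(10, 5), {0: "recv", 12: "send", 30: "send"}, 40)

def live_peer() -> DpdState:
    # Constructed timeline: the peer answers the first hello two seconds later.
    return simulate(DpdState(10, 5), {0: "recv", 12: "send", 14: "ack"}, 40)
```

With a 10-second trigger interval, a 5-second retransmission interval and the default two retries, a peer that stops answering is declared dead 15 seconds after the first hello, so the stale SAs are held for that long plus whatever idle time preceded the triggering send.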
Displaying IPsec VPN monitoring information
1. Select VPN > IPsec VPN from the navigation tree.
2. Click the Monitoring Information tab to enter the page that displays the IPsec connection
configuration and status information.
3. Select an IPsec connection.
The lower part of the page shows information about the IPsec tunnel that was set up with the selected IPsec connection configuration.