Configuring the IKE NAT keepalive function ············································································································ 221

Configuring IKE DPD···················································································································································· 222

Enabling invalid SPI recovery ····································································································································· 223

Setting the maximum number of IKE SAs ··················································································································· 223

Configuring SNMP notifications for IKE ···················································································································· 223

Displaying and maintaining IKE ································································································································· 224

IKE configuration examples ········································································································································ 224

Main mode IKE with pre-shared key authentication configuration example ················································ 224

Aggressive mode with RSA signature authentication configuration example ·············································· 229

Aggressive mode with NAT traversal configuration example ········································································ 236

Troubleshooting IKE ····················································································································································· 240

IKE negotiation failed because no matching IKE proposals were found ······················································· 240

IKE negotiation failed because no IKE proposals or IKE keychains are referenced correctly····················· 240

IPsec SA negotiation failed because no matching IPsec transform sets were found ···································· 241

IPsec SA negotiation failed due to invalid identity information ······································································ 242

Configuring SSH ····················································································································································· 245

Overview ······································································································································································· 245

How SSH works ··················································································································································· 245

SSH authentication methods ······························································································································· 246

FIPS compliance ··························································································································································· 247

Configuring the device as an SSH server ·················································································································· 247

SSH server configuration task list ······················································································································ 247

Generating local DSA or RSA key pairs ··········································································································· 248

Enabling the SSH server function ······················································································································· 249

Enabling the SFTP server function ······················································································································ 249

Configuring the user lines for SSH clients ········································································································· 249

Configuring a client's host public key ··············································································································· 250

Configuring an SSH user ···································································································································· 251

Setting the SSH management parameters ········································································································ 252

Configuring the device as an Stelnet client ··············································································································· 253

Stelnet client configuration task list ···················································································································· 253

Specifying a source IP address for SSH packets ····························································································· 254

Establishing a connection to an Stelnet server ································································································· 254

Configuring the device as an SFTP client ·················································································································· 256

SFTP client configuration task list ······················································································································· 256

Specifying a source IP address for SFTP packets ····························································································· 256

Establishing a connection to an SFTP server ···································································································· 256

Working with SFTP directories ··························································································································· 258

Working with SFTP files ······································································································································ 258

Displaying help information ······························································································································· 258

Terminating the connection with the SFTP server ····························································································· 259

Configuring the device as an SCP client ··················································································································· 259

Displaying and maintaining SSH ······························································································································· 261

Stelnet configuration examples ··································································································································· 261

Password authentication enabled Stelnet server configuration example ······················································ 261

Publickey authentication enabled Stelnet server configuration example ······················································· 263

Password authentication enabled Stelnet client configuration example ························································ 269

Publickey authentication enabled Stelnet client configuration example ························································ 272

SFTP configuration examples ······································································································································ 274

Password authentication enabled SFTP server configuration example ·························································· 274

Publickey authentication enabled SFTP client configuration example ··························································· 276

SCP file transfer with password authentication ········································································································· 279