Configuring An Ike Peer - 3Com MSR 50 Series Configuration Manual

3com msr 30-16: software guide

Hide thumbs Also See for MSR 50 Series:

Safety information manual (12 pages)

Table of Contents

Configuring an IKE

Specify an authentication

algorithm for the IKE proposal

Specify a DH group for key

negotiation in phase 1

Specify the ISAKMP SA

lifetime for the IKE proposal

Before an ISAKMP SA expires, IKE will negotiate a new SA to replace it. Since DH

calculation in the IKE negotiation takes longer time especially on low-end devices,

it is recommended to set the lifetime greater than 10 minutes to prevent the

update from influencing normal communication.

Follow these steps to configure an IKE peer:

Enter system view

Create an IKE peer and enter

IKE peer view

Specify the IKE negotiation

mode in phase 1

Configure the pre-shared

key for pre-shared key

authentication

Configure the PKI domain

for digital signature

authentication

Select the ID type in IKE

negotiation phase 1

name for the

local security

name for the

Specify an IP

IP addresses

Specify one or

addresses for

Use the command...

authentication-algorithm

{ md5 | sha }

dh { group1 | group2 |

group5 | group14 }

sa duration seconds

Use the command...

ike peer peer-name

exchange-mode

{ aggressive | main }

pre-shared-key key

certificate domain

id-type { ip | name }

"Configuring a Name

for the Local Security

Gateway" on page 1904

remote-name name

local-address ip-address

remote-address

low-ip-address

[ high-ip-address ]