3Com Router 3000 Ethernet Family
Configuration Guide
8.2 IKE Configuration
IKE configuration includes:
1)
Set a name for the local security GW
2)
Define IKE proposal
Establish IKE Proposal
Select encryption algorithm
Select authentication method
Select authentication algorithm
Select Diffie-Hellman Group ID
Set lifetime of ISAKMP SA (optional)
3)
Configure IKE peer
Create an IKE peer
Configure IKE negotiation mode
Configure identity authentication key (pre-shared key)
Configure ID type in IKE negotiation
Specify ID of the remote security GW
Configure IP addresses for local and remote security GWs
Configure NAT traversal
Configure subnet type of the IKE peer
4)
Configure the parameters of Keepalive timer
Configure interval for Keepalive transmission
Configure timeout time for Keepalive
The term "security GW" here refers to the device configured with IPSec/IKE. It can be a
GW or a router.
8.2.1 Setting a Name for the Local Security GW
If the initiator uses the GW name in IKE negotiation (that is, id-type name is used), you
must configure the ike local-name command on the local device.
Perform the following configuration in system view.
Table 8-1 Configure name of the local security GW
Configure name of the local security GW.
Restore the default name of the local security GW.
Operation
3Com Corporation
8-4
Chapter 8 IKE Configuration
Command
ike local-name name
undo ike local-name