H3C SecPath F1800-A Operation Manual page 544

Operation Manual - VPN
H3C SecPath F1800-A Firewall
Table 3-31 Selecting authentication algorithm
Select authentication algorithm.
Restore
algorithm.
V. Selecting DH Group ID
This configuration task is to specify a DH group ID for the IKE proposal.
Do as follows in IKE proposal view.
Table 3-32 Selecting DH group ID
Select DH group ID.
Restore the default DH group ID.
VI. Setting Life Duration of ISAKMP SA
This configuration task is to specify ISAKMP SA life duration for the IKE proposal.
Do as follows in IKE proposal view.
Table 3-33 Setting life duration of ISAKMP SA
Set life duration of ISAKMP SA.
Restore the default life duration.
If duration times out, the ISAKMP SA will automatically update. The life duration can
be set as one number from 60 to 604800 seconds. The IKE negotiation needs to carry
out DH algorithm, which will take a longer period of time.
For the purpose that the update of ISAKMP SA does not affect the security
communication, it is recommended you set the duration greater than 10 minutes.
A new SA will be negotiated in advance before the old one expires. Before the new SA
is created, the old one is still in use. The new SA will take effect as soon as it is created
and the old one will be automatically deleted after its life duration expires.
By default, the life duration of ISAKMP SA is 86400 seconds (a day).
Action
the default authentication
Action
Action
7-64
Chapter 3 IPSec Configuration
Command
authentication-algorithm { md5 |
sha }
undo authentication-algorithm
Command
dh { group1 | group2 }
undo dh
Command
sa duration seconds
undo sa duration