H3C Technologies H3C SecPath F1000-E User Manual, Page 173

Disabling Next Payload Field Checking
The Next payload field is in the generic payload header of the last payload of the IKE negotiation
message (the message comprises multiple payloads). According to the protocol, this field must be 0 if the
payload is the last payload of the packet. However, it may be set to other values on some brands of
devices. For interoperability, disable the checking of this field.
Follow these steps to disable Next payload field checking:
To do…                                 Use the command…                   Remarks
Enter system view                      system-view
Disable Next payload field checking    ike next-payload check disabled    Required. Enabled by default.
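The check that this command turns off, shown as an added example (it is not H3C's code and not part of the manual): a minimal Python walker over an unencrypted IKEv1 payload chain, using the RFC 2408 header layouts. The names walk_payloads, build and check_next_payload, and the sample messages, are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 fixed header, 28 bytes
GENERIC_HDR = struct.Struct("!BBH")        # next payload, reserved, payload length

def walk_payloads(msg, check_next_payload=True):
    """Return the payload types of an unencrypted IKEv1 message, in order."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    _ic, _rc, ptype, _ver, _xchg, _flags, _mid, total = ISAKMP_HDR.unpack_from(msg)
    if total != len(msg):
        raise ValueError("length field does not match message size")
    types, off = [], ISAKMP_HDR.size
    while off < total:
        if ptype == 0:
            raise ValueError("chain ended before the declared message length")
        if total - off < GENERIC_HDR.size:
            raise ValueError("truncated generic payload header")
        following, _reserved, plen = GENERIC_HDR.unpack_from(msg, off)
        if plen < GENERIC_HDR.size or off + plen > total:
            raise ValueError("payload length out of bounds")
        types.append(ptype)
        off += plen
        if off == total and following != 0:
            # Last payload by length, yet it claims another payload follows.
            if check_next_payload:
                raise ValueError("last payload has Next Payload = %d" % following)
            following = 0  # lenient mode: trust the message length instead
        ptype = following
    if ptype != 0:
        raise ValueError("header announces a payload that is not present")
    return types

def build(payloads, last_next=0):
    """Constructed sample message; payloads is a list of (type, body) pairs."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else last_next
        body += GENERIC_HDR.pack(nxt, 0, GENERIC_HDR.size + len(data)) + data
    first = payloads[0][0] if payloads else 0
    return ISAKMP_HDR.pack(b"I" * 8, bytes(8), first, 0x10, 2, 0, 0,
                           ISAKMP_HDR.size + len(body)) + body

if __name__ == "__main__":
    # 1 = SA, 13 = Vendor ID; bodies are filler bytes, not real proposals.
    odd = build([(1, bytes(8)), (13, b"vendor-x")], last_next=13)
    print(walk_payloads(odd, check_next_payload=False))
```

With the check disabled, the walker still stops at the length declared in the ISAKMP header and still rejects out-of-bounds payload lengths, so a nonzero trailing field cannot make it read past the message.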
Displaying and Maintaining IKE
To do…                              Use the command…                                                                            Remarks
Display IKE DPD information         display ike dpd [ dpd-name ]                                                                Available in any view
Display IKE peer information        display ike peer [ peer-name ]                                                              Available in any view
Display IKE SA information          display ike sa [ verbose [ connection-id connection-id | remote-address remote-address ] ]  Available in any view
Display IKE proposal information    display ike proposal                                                                        Available in any view
Clear SAs established by IKE        reset ike sa [ connection-id ]                                                              Available in user view
IKE Configuration Examples
Example for Configuring IKE
Network requirements
As shown in Figure 11, an IPsec tunnel is established through IKE negotiation between gateways
Device A and Device B to allow secure communication between Host A and Host B.
Device A is configured with an IKE proposal using the sequence number of 10 and the
authentication algorithm of MD5. Device B has only the default IKE proposal.
The two devices use the pre-shared key authentication method.