Configure IKE Phase 1 Profile

Use the following procedure to create and configure an IKE Phase 1 profile.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Select IKE.
  3. Select the Profile tab.
  4. Select Insert.
  5. In the Name field, type a profile name.
  6. Complete the remaining optional configuration to customize the policy.
  7. Select Insert.

Profile Field Descriptions

Use the data in the following table to use the Profile tab.

Name

Description

Name

Specifies the name of the profile.

HashAlgorithm

Specifies the hash algorithms that can be used during IKE Phase 1 SA negotiation.

The default value is sha256.

EncryptionAlgorithm

Specifies the encryption algorithms that can be used during IKE Phase 1 SA negotiation.

The default value is aesCbc.

EncryptKeyLen

Specifies the key length that should be used during IKE Phase 1 SA negotiation.

The default value is 256.

DHGroup

Specifies the Diffie-Hellman groups that can be used during IKE Phase 1 SA negotiation.

The default value is modp2048.

ExchangeMode

Specifies the IKE Phase 1 negotiation mode.

The default value is main.

LifetimeSeconds

Specifies the amount of time for which an IKE Phase 1 SA can remain valid during IKE Phase 1 negotiation. A value of 0 means no the SA always remains valid.

The default value is 86400 seconds.