Configure IKEv2 Profile

Use the following procedure to create and configure an IKEv2 profile.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click IKE.
  3. Click the V2 Profile tab.
  4. Click Insert.
  5. In the Name field, type a profile name.
  6. Complete the remaining optional configuration to customize the policy.
  7. Click Insert.

V2 Profile Field Descriptions

Use the data in the following table to use the V2 Profile tab.

Name

Description

Name

Specifies the IKE v2 profile name.

HashAlgorithm

Specifies the type of hash algorithm that can be used during IKE version 2 SA version 2 negotiation.

The default value is sha256.

EncryptionAlgorithm

Specifies the encryption algorithms that can be used during IKE version 2 SA version 2 negotiation.

The default value is aesCbc.

EncryptKeyLen

Specifies the type of encryption algorithm. The default value is keylen–256.

DHGroup

Specifies the Diffie-Hellman (DH) group. DH groups categorize the key used in the key exchange process, by its strength. The key from a higher group number is more secure. The default value is modp2048.

ExchangeMode

Specifies the IKE v2 profile negotiation mode.

The default value is main.

LifetimeSeconds

Specifies the lifetime value in seconds. The lifetime ensures that the peers renegotiate the SAs just before the expiry of the lifetime value, to ensure that Security Associations are not compromised. The default value is 86400 seconds.

IntegrityAlgorithm

Specifies the type of integrity algorithm. The default value is sha256.