Configure IKE Phase 1 Profile

Use the following procedure to create and configure an IKE Phase 1 profile.

Procedure

  1. In the navigation pane, expand Configuration > Security > Control Path.
  2. Click IKE.
  3. Click the Profile tab.
  4. Click Insert.
  5. In the Name field, type a profile name.
  6. Complete the remaining optional configuration to customize the policy.
  7. Click Insert.

IKE profile field descriptions

Use the data in the following table to use the IKE > Profile tab.

Name

Description

Name

Description

Name

Specifies the name of the profile.

HashAlgorithm

Specifies the hash algorithms that can be used during IKE Phase 1 SA negotiation.

The default value is sha256.

EncryptionAlgorithm

Specifies the encryption algorithms that can be used during IKE Phase 1 SA negotiation.

The default value is aesCbc.

EncryptKeyLen

Specifies the key length that should be used during IKE Phase 1 SA negotiation.

The default value is 128.

DHGroup

Specifies the Diffie-Hellman groups that can be used during IKE Phase 1 SA negotiation.

The default value is mod1024.

ExchangeMode

Specifies the IKE Phase 1 negotiation mode.

The default value is main.

LifetimeSeconds

Specifies the amount of time for which an IKE Phase 1 SA can remain valid during IKE Phase 1 negotiation. A value of 0 means no the SA always remains valid.

The default value is 86400 seconds.