Auto IPSec tunneling provides a secure tunnel between two networked peer controllers or service platforms and associated access points which are within a range of valid IP addresses. Administrators can define which packets are sent within the tunnel, and how they are protected. When a tunnelled peer sees a sensitive packet, it creates a secure tunnel and sends the packet through the tunnel to its remote peer destination or associated access point.
Tunnels are sets of security associations (SAs) between two peers. SAs define the protocols and algorithms applied to sensitive packets and specify the keying mechanisms used by tunnelled peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are established per the rules and conditions of defined security protocols (AH or ESP).
Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration simplicity for the IPSec standard. IKE enables secure communications without time consuming manual pre-configuration for auto IPSec tunneling.
To define an Auto IPSec tunnel configuration or override that can be applied to a profile:
The Settings field lists those Auto IPSec tunnel policies created thus far. Any of these policies can be selected and applied to a profile.
Note
A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.| Group ID | Define a 1 - 64 character identifier for an IKE exchange supporting auto IPSec tunnel secure peers. |
| Authentication Type | Select either RSA or PSK (Pre Shared Key) as the authentication type for secure peer authentication on the auto IPSec secure tunnel. Rivest, Shamir, and Adleman (RSA) is an algorithm for public key cryptography. It is the first algorithm known to be suitable for signing, as well as encryption. The default setting is RSA. |
| Authentication Key | Enter the 8 - 21 character shared key (password) used for auto IPSec tunnel secure peer authentication. |
| IKE Version | Select the IKE version used for auto IPSec tunnel secure authentication with the IPSec gateway. IKEv2 is the default setting. |
| Enable NAT after IPSec | Select this option to enable internal source port NAT on the auto IPSec secure tunnel. |
| Use Unique ID | Select this option to use a unique ID with auto IPSec secure authentication for the IPSec remote gateway (appending the MiNT ID). This setting is disabled by default. |
| Re-Authentication | Select this option to re-authenticate the key on a IKE rekey. This setting is enabled by default. |
| IKE Life Time | Set a lifetime in either seconds (600 - 86,400), minutes (10 - 1,440), hours (1 - 24), or days (1) for IKE security association duration. The default setting is 8600 seconds. |
Print
this page
Email this topic
Feedback
View PDF
Download EPUB