Adding or Editing an IKEv2 Policy

About this task

You can add a new IKEv2 policy or edit an existing policy.

Before you begin

Procedure

  1. Select Add to define a new IKEv2 Policy configuration, Edit to modify an existing configuration, or Delete to remove an existing configuration.
  2. If you are creating a new IKEv2 policy, assign it a 32-character maximum Name to help differentiate this IKE configuration from others with similar parameters.
  3. Configure the following IKEv2 settings:

    Name

    If creating a new IKE policy, assign it a 32-character maximum name to help differentiate this IKE configuration from others with similar parameters.

    DPD Keep Alive

    Configure the IKE keep alive message interval used for dead peer detection on the remote end of the IPSec VPN tunnel. Set this value in either Seconds (10 - 3,600), Minutes (1 - 60) or Hours (1). The default setting is 30 seconds. This setting is required for both IKEv1 and IKEv2.

    IKE LifeTime

    Set the lifetime defining how long a connection (encryption/authentication keys) should last from successful key negotiation to expiration. Set this value in either Seconds (600 - 86,400), Minutes (10 - 1,440), Hours (1 - 24) or Days (1). This setting is required for both IKEv1 and IKEv2.

  4. Click +Add Row in the IKE Proposal table to define the network address of a target peer and its security settings.

    Name

    If creating a new IKE policy, assign the target peer (tunnel destination) a 32-character maximum name to distinguish it from others with a similar configuration.

    DH Group

    Use the drop-down menu to define a DH (Diffie-Hellman) identifier used by the VPN peers to derive a shared secret without having to transmit it. DH groups determine the strength of the key used in key exchanges. The higher the group number, the stronger and more secure the key. Options include 2, 5 and 14. The default setting is 5.

    Encryption

    Select an encryption method used by the tunneled peers to securely interoperate. Options include 3DES, AES, AES-192 and AES-256. The default setting is AES-256.

    Authentication

    Select an authentication hash algorithm used by the peers to exchange credential information. Options include SHA and MD5. The default setting is SHA.

  5. Select OK to save the changes made within the IKE Policy screen.

    Select Reset to revert to the last saved configuration. Select the Delete Row icon as needed to remove a peer configuration.
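
The following is an added example, not part of the product documentation: an offline audit that checks a policy against the name length, DPD Keep Alive and IKE LifeTime ranges, and proposal options listed above. The dictionary layout and field names are hypothetical, and the choice to flag DH groups 2 and 5, 3DES and MD5 as weak is an assumed hardening policy following RFC 8247.

```python
# Added example: offline audit of an IKEv2 policy against the limits on this page.
# Field names and the dict layout are hypothetical, not the product's export format.
UNIT_SECONDS = {"seconds": 1, "minutes": 60, "hours": 3600, "days": 86400}
DPD_RANGE = (10, 3600)          # DPD Keep Alive: 10 - 3,600 seconds
LIFETIME_RANGE = (600, 86400)   # IKE LifeTime: 600 - 86,400 seconds
ALLOWED = {"dh_group": {2, 5, 14},
           "encryption": {"3DES", "AES", "AES-192", "AES-256"},
           "authentication": {"SHA", "MD5"}}
# Assumed hardening policy (per RFC 8247), not taken from the page.
WEAK = {"dh_group": {2, 5}, "encryption": {"3DES"}, "authentication": {"MD5"}}


def to_seconds(value, unit):
    """Normalize a (value, unit) pair as entered in the UI to seconds."""
    return value * UNIT_SECONDS[unit.lower()]


def audit_policy(policy):
    """Return a list of (severity, message) findings for one policy dict."""
    findings = []

    def check_name(name, what):
        if not name or len(name) > 32:
            findings.append(("error", f"{what} name must be 1-32 characters"))

    def check_range(field, limits):
        secs = to_seconds(*policy[field])
        if not limits[0] <= secs <= limits[1]:
            findings.append(("error", f"{field} {secs}s outside {limits[0]}-{limits[1]}s"))

    check_name(policy["name"], "policy")
    check_range("dpd_keep_alive", DPD_RANGE)
    check_range("ike_lifetime", LIFETIME_RANGE)
    for prop in policy["proposals"]:
        check_name(prop["name"], "proposal")
        for field, allowed in ALLOWED.items():
            value = prop[field]
            if value not in allowed:
                findings.append(("error", f"{prop['name']}: {field} {value!r} not offered"))
            elif value in WEAK[field]:
                findings.append(("warn", f"{prop['name']}: weak {field} {value!r}"))
    return findings


# Constructed sample using the page's defaults (DH 5, AES-256, SHA, DPD 30 s).
SAMPLE = {"name": "branch-ikev2", "dpd_keep_alive": (30, "seconds"),
          "ike_lifetime": (8, "hours"),
          "proposals": [{"name": "hq-peer", "dh_group": 5,
                         "encryption": "AES-256", "authentication": "SHA"}]}
```

Run against the constructed sample, the audit reports a single warning for the default DH group 5, which is the setting to change to 14 when the peer supports it.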