IKE Policy

The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration simplicity for the IPSec standard. IKE automatically negotiates IPSec SAs and enables secure communications without time-consuming manual pre-configuration.

To define a profile's VPN policy settings:

  1. Select the Configuration → Profiles → Manage Profiles tab from the Web UI.

  2. Expand Security and select VPN.

    The IKE Policy tab displays by default.

  3. Select either the IKEv1 or IKEv2 radio button to enforce VPN peer key exchanges using either IKEv1 or IKEv2.

    IKEv2 provides improvements over the original IKEv1 design (improved cryptographic mechanisms, NAT and firewall traversal, attack resistance, etc.) and is recommended in most deployments. The appearance of the IKE Policy screens differs depending on whether IKEv1 or IKEv2 mode is selected.

  4. Refer to the following to determine whether an IKE Policy requires creation, modification or removal:

    Name

    Displays the 32 character maximum name assigned to the IKE policy.

    DPD Keep Alive

    Lists each policy's IKE keep alive message interval defined for IKE VPN tunnel dead peer detection.

    IKE LifeTime

    Displays each policy's lifetime for an IKE SA. The lifetime defines how long a connection (encryption/authentication keys) should last, from successful key negotiation to expiration. The two peers need not agree exactly on the lifetime, though if they do not, the peer defining the longer lifetime is left with some clutter from a superseded connection.

    DPD Retries

    Lists each policy's maximum number of keep alive messages sent before a VPN tunnel connection is defined as dead by the peer. This screen only appears when IKEv1 is selected.

  5. Select Add to define a new IKE Policy configuration, Edit to modify an existing configuration or Delete to remove an existing configuration.