Adding/Editing an IKEv1 Policy
You can add a new IKEv1 policy or edit an existing policy.
- Click Add to define a new IKEv1 Policy configuration, Edit to modify an existing configuration, or Delete to remove an existing configuration.
Profile Security - IKE Policy - Add/Edit Screen
- If you are creating a new IKEv1 policy, assign it a 32-character maximum Name to help differentiate this IKE configuration from others with similar parameters.
- Configure the following IKEv1 settings:
DPD Keep Alive
Configure the IKE keep alive message interval used for dead peer detection on the remote end of the IPsec VPN tunnel. Set this value in either seconds (10 - 3,600), minutes (1 - 60), or hours (1). The default setting is 30 seconds. This setting is required for both IKEv1 and IKEv2.
Mode
If you are using IKEv1, define the IKE mode as either Main or Aggressive. IPsec has two modes in IKEv1 for key exchanges: Aggressive mode requires 3 messages to be exchanged between the IPsec peers to set up the SA, while Main mode requires 6 messages. The default setting is Main.
DPD Retries
Set the maximum number of keep alive messages sent before a VPN tunnel connection is defined as dead. The available range is from 1 - 100. The default setting is 5.
IKE LifeTime
Set the lifetime defining how long a connection (encryption/authentication keys) should last from successful key negotiation to expiration. Set this value in either seconds (600 - 86,400), minutes (10 - 1,440), hours (1 - 24), or days (1). This setting is required for both IKEv1 and IKEv2.
- Click +Add Row in the IKE Proposal table to define the network address of a target peer and its security settings.
Name
If you are creating a new IKE policy, assign the target peer (tunnel destination) a 32-character maximum name to distinguish it from others with a similar configuration.
DH Group
Define a DH (Diffie-Hellman) group identifier used by the VPN peers to derive a shared secret without transmitting it. DH groups determine the strength of the key used in key exchanges: the higher the group number, the stronger and more secure the key. Options include 2, 5 and 14. The default setting is 5.
Encryption
Select an encryption method used by the tunnelled peers to securely interoperate. Options include 3DES, AES, AES-192, and AES-256. The default setting is AES-256.
Authentication
Select an authentication hash algorithm used by the peers to exchange credential information. Options include SHA, SHA256, and MD5. The default setting is SHA.
- Click OK to save the changes made in the IKE Policy screen. Click Reset to revert to the last saved configuration. Click the Delete Row icon as needed to remove a peer configuration.
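The ranges and option lists above translate directly into a review check for an exported IKEv1 policy. The following Python is an added example, not part of this documentation or the product: it validates a policy against the limits the screen enforces (DPD keep alive, DPD retries, IKE lifetime, 32-character names, offered DH groups, ciphers and hashes) and separately flags choices the screen accepts but a security review should question. The Proposal and IkePolicy classes are assumed structures for this example only.

```python
from dataclasses import dataclass, field
# Accepted values, as listed on the IKEv1 Policy Add/Edit screen above.
DPD_KEEPALIVE = {"seconds": (10, 3600), "minutes": (1, 60), "hours": (1, 1)}
IKE_LIFETIME = {"seconds": (600, 86400), "minutes": (10, 1440), "hours": (1, 24), "days": (1, 1)}
DH_GROUPS, MODES = {2, 5, 14}, {"Main", "Aggressive"}
ENCRYPTION, AUTH = {"3DES", "AES", "AES-192", "AES-256"}, {"SHA", "SHA256", "MD5"}

@dataclass
class Proposal:            # one row of the IKE Proposal table (assumed structure)
    name: str
    dh_group: int
    encryption: str
    authentication: str

@dataclass
class IkePolicy:           # assumed structure; defaults are the screen's own defaults
    name: str
    lifetime: tuple        # (value, unit), e.g. (86400, "seconds")
    mode: str = "Main"
    dpd_keepalive: tuple = (30, "seconds")
    dpd_retries: int = 5
    proposals: list = field(default_factory=list)

def _in_range(value, unit, ranges):
    return unit in ranges and ranges[unit][0] <= value <= ranges[unit][1]

def validate(policy):
    """Errors the screen itself would reject: out-of-range values or unknown options."""
    checks = [
        (1 <= len(policy.name) <= 32, "policy name must be 1-32 characters"),
        (policy.mode in MODES, f"unknown mode {policy.mode!r}"),
        (_in_range(*policy.dpd_keepalive, DPD_KEEPALIVE), "DPD keep alive out of range"),
        (1 <= policy.dpd_retries <= 100, "DPD retries must be 1-100"),
        (_in_range(*policy.lifetime, IKE_LIFETIME), "IKE lifetime out of range"),
    ]
    for p in policy.proposals:
        ok = (1 <= len(p.name) <= 32 and p.dh_group in DH_GROUPS
              and p.encryption in ENCRYPTION and p.authentication in AUTH)
        checks.append((ok, f"proposal {p.name!r}: option not offered by the screen"))
    return [msg for ok, msg in checks if not ok]

def weaknesses(policy):
    """Hardening findings: choices the screen accepts but a reviewer should flag."""
    found = ["Aggressive mode sends peer identity unprotected; prefer Main"] if policy.mode == "Aggressive" else []
    for p in policy.proposals:
        for bad, msg in ((p.dh_group != 14, f"DH group {p.dh_group} is weaker than group 14"),
                         (p.encryption == "3DES", "3DES is legacy; prefer AES-256"),
                         (p.authentication == "MD5", "MD5 is deprecated; prefer SHA256")):
            if bad:
                found.append(f"{p.name}: {msg}")
    return found
```

Run validate() first; a policy with errors would never be saved by the screen, so its weaknesses() output describes a configuration that cannot exist on the device.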