
About this task

To add or edit an IKEv1 or IKEv2 peer configuration:

Procedure

  1. Select either IKEv1 or IKEv2 to enforce that version for VPN key exchanges.
  2. Click Add to define a new peer configuration, Edit to modify an existing configuration, or Delete to remove an existing peer configuration.

    The parameters that can be defined for the peer configuration vary depending on whether IKEv1 or IKEv2 was selected.

    Figure: Profile Security - VPN IKE Policy - Add IKE Peer Screen

    Name

    If you are creating a new peer configuration (remote gateway) for a VPN tunnel connection, assign it a name of up to 32 characters to distinguish it from others with similar attributes.

    IP Type

    Enter either the IP address or the FQDN hostname of the IPSec VPN peer used in the tunnel setup. A hostname cannot exceed 64 characters.

    Authentication Type

    Select the authentication type used by the VPN peer. The options are PSK or RSA. RSA is an algorithm for public key cryptography. It is the first algorithm known to be suitable for signing and encryption. If using IKEv2, this screen displays both local and remote authentication options, because both ends of the VPN connection require authentication.

    RSA is the default value for both local and remote authentication, regardless of whether IKEv1 or IKEv2 is used.

    Authentication Value

    Define the authentication string (shared secret) shared by both ends of the VPN tunnel connection. The string must be between 8 and 21 characters long. If using IKEv2, both a local and a remote string must be specified for handshake validation at both ends (local and remote) of the VPN connection.

    Local Identity

    Select the local identifier used with this peer configuration for an IKE exchange with the target VPN IPSec peer. Options include IP Address, Distinguished Name, FQDN, email, string, and autogen-uniqueid. The default setting is string.

    Remote Identity

    Select the remote identifier used with this peer configuration for an IKE exchange with the target VPN IPSec peer. Options include IP Address, Distinguished Name, FQDN, email, and string. The default setting is string.

    IKE Policy Name

    Select the IKEv1 or IKEv2 policy name (and settings) to apply to this peer configuration. If you need to create a new policy, click the Create icon.

  3. Click OK to save the changes made in the peer configuration screen.

    Click Reset to revert to the last saved configuration.
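
A pre-deployment check of the field limits listed in the procedure above, as an added example that is not part of the original page or the vendor's software. The dictionary keys, lowercase option spellings and sample values are constructed for illustration, and it assumes that the name, peer address and policy name must be non-empty.

```python
import ipaddress

# Option lists and limits come from the field descriptions above; the
# dictionary keys and lowercase option spellings are hypothetical.
REMOTE_IDS = {"ip-address", "distinguished-name", "fqdn", "email", "string"}
LOCAL_IDS = REMOTE_IDS | {"autogen-uniqueid"}


def check_peer(ike_version, peer):
    """Return a list of problems found in one peer definition."""
    errors = []
    if ike_version not in ("ikev1", "ikev2"):
        errors.append("IKE version must be ikev1 or ikev2")
    if not 1 <= len(peer.get("name", "")) <= 32:
        errors.append("name must be 1-32 characters")

    host = peer.get("peer", "")
    try:
        ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so treat it as an FQDN
        if not 1 <= len(host) <= 64:
            errors.append("peer hostname must be 1-64 characters")

    # IKEv1 has one authentication block; IKEv2 has local and remote.
    sides = ("local_", "remote_") if ike_version == "ikev2" else ("",)
    for side in sides:
        auth_type = peer.get(side + "auth_type", "rsa")  # RSA is the default
        if auth_type not in ("psk", "rsa"):
            errors.append(f"{side}auth_type must be psk or rsa")
        elif auth_type == "psk" and not 8 <= len(peer.get(side + "auth_value", "")) <= 21:
            errors.append(f"{side}auth_value must be 8-21 characters")

    if peer.get("local_identity", "string") not in LOCAL_IDS:
        errors.append("unsupported local_identity")
    if peer.get("remote_identity", "string") not in REMOTE_IDS:
        errors.append("unsupported remote_identity")
    if not peer.get("ike_policy"):
        errors.append("ike_policy name is required")
    return errors


# Constructed sample: IKEv2 peer with no remote secret and a remote
# identity type that is only offered for the local side.
SAMPLE = {"name": "branch-gw-01", "peer": "vpn.example.net",
          "local_auth_type": "psk", "local_auth_value": "constructed-psk1",
          "remote_auth_type": "psk", "remote_identity": "autogen-uniqueid",
          "ike_policy": "constructed-policy"}

if __name__ == "__main__":
    print("\n".join(check_peer("ikev2", SAMPLE)))
```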