[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring an IPsec Tunnel—Overview

IKE IPsec tunnel negotiation occurs in two phases. In Phase 1, participants establish a secure channel in which to negotiate the IPsec security association (SA). In Phase 2, participants negotiate the IPsec SA for authenticating traffic that will flow through the tunnel.

Before You Begin

For background information, read

Tunnel configuration can be confusing, and a good way to understand it is to keep in mind that just as there are two phases to tunnel negotiation, there are two phases to tunnel configuration. The following procedure lists the order in which you must configure an IPsec tunnel if you use either the J-Web or the J-Web Quick Configuration. Although you need not follow this sequence when using the CLI configuration editor, we recommend that you do. If, for example, you go out of sequence and configure a Phase 1 policy before you have configured a proposal, you cannot easily reference the proposal in the policy because it will not appear in the interface.

  1. Phase 1

    1. Configure IKE Phase 1 proposals. For instructions, see:
    2. Configure IKE policies (and reference the proposals). For instructions, see:
    3. Configure IKE gateway (and reference the policy). For instructions, see:

  2. Phase 2

    1. Configure Phase 2 proposals. For instructions, see:
    2. Configure policies (and reference proposals). For instructions, see:
    3. Configure IPsec Autokey IKE (and reference the policy and gateway). For instructions, see:

In addition to configuring tunnel settings, you should also review your global VPN settings. For more information, see:

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]