
Configuring an IKE Phase 1 Proposal—Quick Configuration (Dynamic VPNs)

You can use J-Web Quick Configuration to configure an IKE Phase 1 proposal. For information about configuring a Phase 1 proposal using the CLI editor or the standard J-Web configuration pages (not the Quick Configuration pages), see Configuring an IKE Phase 1 Proposal (Standard and Dynamic VPNs).

Before You Begin

For background information, read:

Figure 81 shows the Quick Configuration page where you can select an existing proposal, or click Add to create a new one.

Figure 81: IKE Phase 1 Proposal Quick Configuration Page – Adding a Proposal


Figure 82 shows the Quick Configuration page where you create a new proposal.

Figure 82: IKE Phase 1 Proposal Quick Configuration Page – Configuring a Proposal


To configure a Phase 1 Proposal with Quick Configuration:

  1. Select Configure>IPSec VPN>Dynamic VPN>IKE.
  2. Select the Phase 1 Proposal tab if it is not selected.
  3. To modify an existing proposal, click the appropriate link in the Name column to go to the proposal’s configuration page. Or, select the proposal from among those listed and click one of the following buttons:
  4. To configure a new Phase 1 proposal, click Add.
  5. Fill in the options as described in Table 118.
  6. Click one of the following buttons:

Table 118: Phase 1 Proposal Configuration Options

| Field | Function | Action |
|---|---|---|
| IKE Proposal (Phase 1) | | |
| Name | Name to identify the proposal. | Enter a name. |
| Authentication algorithm | Authentication Header (AH) algorithm the device uses to verify the authenticity and integrity of a packet. Supported algorithms include the following: md5 (produces a 128-bit digest); sha1 (produces a 160-bit digest); sha-256 (produces a 256-bit digest). | Select an authentication algorithm. |
| Authentication method | Method the device uses to authenticate the source of Internet Key Exchange (IKE) messages. The dynamic VPN feature only uses preshared keys for authentication. With this method, both participants must have the key before beginning tunnel negotiations. | No action is required. The device displays this information for informational purposes only. |
| Description | Description of the proposal. | Enter a brief description of the Phase 1 proposal. |
| Dh group | Allows participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection. | Select a Diffie-Hellman group. If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals. |
| Encryption algorithm | Supported Internet Key Exchange (IKE) proposals include the following: 3des-cbc (3DES-CBC encryption algorithm); aes-128-cbc (AES-CBC 128-bit encryption algorithm); aes-192-cbc (AES-CBC 192-bit encryption algorithm); aes-256-cbc (AES-CBC 256-bit encryption algorithm); des-cbc (DES-CBC encryption algorithm). | Select an encryption algorithm. |
| Lifetime seconds | Lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is either replaced by a new SA and security parameter index (SPI) or the SA is terminated. | Select a lifetime for the IKE security association (SA). Range: 180 through 86,400 seconds. Default: 3,600 seconds. |
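
The following Python check is an added example, not part of the original page or of Juniper's software. It validates a planned set of Phase 1 proposals against the algorithm lists, the lifetime range and the same-Diffie-Hellman-group rule in Table 118. The dictionary keys, the function name check_proposals, the dh_group labels in the sample and the WEAK policy set are assumptions made for illustration.

```python
# Values below are copied from Table 118 on this page.
AUTH_ALGS = {"md5", "sha1", "sha-256"}
ENC_ALGS = {"3des-cbc", "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", "des-cbc"}
LIFETIME_MIN, LIFETIME_MAX, LIFETIME_DEFAULT = 180, 86400, 3600
MAX_PROPOSALS = 4
# Assumption (added policy, not from the page): algorithms to flag as weak.
WEAK = {"md5", "des-cbc", "3des-cbc"}


def check_proposals(proposals):
    """Return (proposal, severity, message) findings for a Phase 1 proposal set."""
    findings = []
    if len(proposals) > MAX_PROPOSALS:
        findings.append(("*", "error", f"{len(proposals)} proposals, maximum is {MAX_PROPOSALS}"))
    # Table 118: all Phase 1 proposals should use the same Diffie-Hellman group.
    groups = sorted({str(p.get("dh_group")) for p in proposals})
    if len(groups) > 1:
        findings.append(("*", "error", "mixed Diffie-Hellman groups: " + ", ".join(groups)))
    for p in proposals:
        name = p.get("name", "<unnamed>")
        for field, allowed in (("auth_alg", AUTH_ALGS), ("enc_alg", ENC_ALGS)):
            value = p.get(field)
            if value not in allowed:
                findings.append((name, "error", f"{field}={value!r} is not listed in Table 118"))
            elif value in WEAK:
                findings.append((name, "warn", f"{field}={value} is flagged weak by policy"))
        # A missing lifetime falls back to the documented default of 3,600 seconds.
        lifetime = p.get("lifetime_seconds", LIFETIME_DEFAULT)
        if not isinstance(lifetime, int) or not LIFETIME_MIN <= lifetime <= LIFETIME_MAX:
            findings.append((name, "error", f"lifetime_seconds={lifetime!r} outside {LIFETIME_MIN}-{LIFETIME_MAX}"))
    return findings


# Constructed sample input; the dh_group labels are illustrative values.
SAMPLE = [
    {"name": "p1-strong", "auth_alg": "sha-256", "enc_alg": "aes-256-cbc",
     "dh_group": "group5", "lifetime_seconds": 28800},
    {"name": "p1-legacy", "auth_alg": "md5", "enc_alg": "des-cbc",
     "dh_group": "group2", "lifetime_seconds": 120},
    {"name": "p1-default", "auth_alg": "sha1", "enc_alg": "aes-128-cbc",
     "dh_group": "group5"},
]

if __name__ == "__main__":
    for proposal, severity, message in check_proposals(SAMPLE):
        print(f"[{severity}] {proposal}: {message}")
```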

