[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring an IPsec Phase 2 Proposal—Quick Configuration (Standard VPNs)

You can use J-Web Quick Configuration to quickly configure IPsec phase 2 proposals. (For information about configuring Phase 2 proposals using the CLI editor or the standard J-Web configuration pages (not Quick Configuration pages), see Configuring an IPsec Phase 2 Proposal (Standard and Dynamic VPNs).)

Before You Begin
For background information, read Virtual Private Networks (VPNs) Overview. Understanding IKE and IPsec Packet Processing. Configuring an IPsec Tunnel—Overview

Before You Begin

For background information, read

Figure 59 shows the quick configuration page where you can select an existing proposal, or click Add to create a new one.

Figure 59: IPsec Phase 2 Proposal Configuration

Image QC_ipsec_p2.gif

Figure 60 shows the quick configuration page where you create a new proposal.

Figure 60: IPsec Phase 2 Proposal Configuration

Image QC_ipsec_p2_add.gif

To configure an IPsec Phase 2 proposal with Quick Configuration:

Select Configure>VPN>IPSec AutoKey .
Select the IPsec Phase 2 Proposal tab if it is not selected
To use an existing proposal, select one from among those listed and click one of the following buttons:
- To apply the configuration and stay on the Quick Configuration page, click Apply.
- To apply the configuration and return to the main Configuration page, click OK.
- To cancel your entries and return to the main page, click Cancel.
To configure a new IPsec phase 2 proposal, click Add.
Fill in the options as described in Table 112.
Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration page, click Cancel.

Table 112: IPsec Phase 2 Proposal Options

Field	Function	Action
IPsec Proposal (Phase 2)
Name	Description of the Phase 2 proposal.	Enter a name.
Description	Identify the proposal	Enter a text description.
Authentication algorithm	Hash algorithm that authenticates packet data. It can be one of the following: hmac-md5-96—Produces a 128-bit digest. hmac-sha1-96—Produces a 160-bit digest.	Select a hash algorithm.
Encryption algorithm	Configures an IKE encryption algorithm. 3des-cbc—Has a block size of 24 bytes; the key size is 192 bits long. des-cbc—Has a block size of 8 bytes; the key size is 48 bits long. aes-128-cbc—AES 128-bit encryption algorithm. aes-192-cbc—AES 192-bit encryption algorithm. aes-256-cbc—AES 256-bit encryption algorithm.	Select an encryption algorithm.
Lifetime kilobytes	The lifetime (in kilobytes) of an IPsec security association (SA). The SA is terminated when the specified number of kilobytes of traffic have passed.	Enter a value from 64 through 1,048,576 bytes.
Lifetime seconds	The lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated.	Enter a value from 180 through 86,400 seconds.
Protocol	The type of security protocol.	Select a protocol for the proposal.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]