Add an IPSec Policy
You are here: Configure > Security Services > IPSec VPN > IKE (Phase I).
To add an IKE policy:
- Click the add icon (+) on the upper right side
of the IKE Policy tab of IKE (Phase I) page.
The Add Policy page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add Policy Page
Field | Action |
|---|---|
| IKE Policy | |
Name | Enter the policy name. |
Description | Enter a description of the policy. |
Mode | Select a mode from the list:
Note: When this IKE policy is configured for Dynamic VPN, the mode should be aggressive. |
Proposal | |
Predefined | Click Predefined, and select a Phase 1 proposal types:
|
User defined | Select User defined for Phase 1 proposal. Select the P1 Proposals from the Available table and by using the arrow move it to the Selected P1 Proposals table. |
Proposal List | Select the P1 Proposals from the Available table and by using the arrow move it to the Selected P1 Proposals table. Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined. |
| IKE Policy Options | |
Pre Shared Key | Specifies use of a preshared key for the VPN. The available options are as follows:.
If a preshared key is selected, then configure the appropriate key. Note: When this IKE policy is configured for Dynamic VPN, select Pre Shared Key. |
Certificate | Select this option to use a certificate for the VPN. |
Local Certificate | Enter a local certificate identifier when the local device has multiple loaded certificates. |
Peer Certificate Type | Specifies use of a preferred type of certificate. Select a certificate type:
|
Trusted CA | Specifies the preferred CA to use when requesting a certificate from the peer. If no value is specified, then no certificate request is sent (although incoming certificates are still accepted). Select a trusted CA from the list:
|