Add a Proposal
You are here: Configure > Security Services > IPSec VPN > IKE (Phase I).
To add a proposal:
- Click the add icon (+) on the upper right side
of the Proposal tab of IKE (Phase I) page.
The Add Proposal page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add Proposal Page
Enter a name of the proposal.
Specifies the AH algorithm that the device uses to verify the authenticity and integrity of a packet. Select a hash algorithm from the list:
Specifies the method the device uses to authenticate the source of IKE messages. Select an option from the list:
Enter a brief description of the IKE proposal.
Specifies the Diffie-Hellman group. The DH exchange allows participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection.
Select a group from the list:
If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals.
Specifies the supported Internet Key Exchange (IKE) proposals. Select an encryption algorithm from the list:
Select a lifetime for the IKE SA. Default: 3,600 seconds. Range: 180 through 86,400 seconds.
When the SA expires, it is replaced by a new SA and SPI or is terminated.