    Configuring IPsec (NSM Procedure)

    The Internet Protocol Security (IPsec) feature allows you to configure policy, proposal, traceoptions, VPN, and VPN monitor options.

    To configure the IPsec feature:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the IPsec feature.
    3. Click the Configuration tab. In the configuration tree, select Security > IPsec.
    4. Enter a comment in the IPsec workspace that describes the IPsec.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the IPsec parameters.

    You can now configure the following options:

    Configuring a Policy (NSM Procedure)

    To configure the policy option:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the policy option.
    3. Click the Configuration tab. In the configuration tree, select Security > IPsec > Policy.
    4. Add or modify settings as specified in Table 1.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the policy settings.

    Table 1: Policy Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | **policy** | | |
    | Name | Specifies the name of the policy. | Enter the policy name. |
    | Comment | Supplies a descriptive comment for the policy. | (Optional) Enter a comment. |
    | Description | Specifies a text description for the IPsec policy. | Enter a description. |
    | Proposal Set | Specifies the type of default IPsec proposal set. | Select the proposal set from the list. |
    | **policy > Perfect Forward Secrecy** | | |
    | Comment | Supplies a descriptive comment for the perfect forward secrecy option. This is optional. | Enter a comment. |
    | Keys | Defines the Diffie-Hellman group. | Select the Perfect Forward Secrecy key from the list. |
    | **policy > Proposals** | | |
    | Proposals | Specifies the members added as proposals. | Select the proposals from the nonmembers list. Then click Add to move them to the members list. |

    Configuring Traceoptions (NSM Procedure)

    To configure traceoptions:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the traceoptions.
    3. Click the Configuration tab. In the configuration tree, select Security > IPsec > Traceoptions.
    4. Add or modify settings as specified in Table 2.
    5. Enter a comment in the Traceoptions workspace that describes the traceoptions.
    6. In the Configuration tab, in the configuration tree, select Security > IPsec > Traceoptions > Flag.
    7. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the traceoptions.

    Table 2: Traceoptions Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Name | Specifies the trace flag name. | Select a name from the list. |
    | Comment | Supplies a descriptive comment for the trace flag. | Enter a comment. |

    Configuring a VPN (NSM Procedure)

    To configure a VPN:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure a VPN.
    3. Click the Configuration tab. In the configuration tree, select Security > IPsec > Vpn.
    4. Add or modify settings as specified in Table 3.
    5. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the VPN settings.

    Table 3: VPN Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | **vpn** | | |
    | Name | Specifies the VPN name. | Enter a name. |
    | Comment | Supplies a descriptive comment for the VPN. | (Optional) Enter a comment. |
    | Bind Interface | Specifies the tunnel interface to bind to (route-based VPN). | Enter the interface name. |
    | Df Bit | Specifies how to handle the Don’t Fragment (DF) bit. | Select the option from the list. |
    | Establish Tunnels | Defines the criteria to establish tunnels. | Select the option from the list. |
    | **vpn > Manual > manual > Authentication** | | |
    | Comment | Supplies a descriptive comment for the authentication option. | (Optional) Enter a comment. |
    | Algorithm | Defines the authentication algorithm. | Select the algorithm from the drop-down box. |
    | **vpn > Manual > manual > Authentication > Key** | | |
    | Comment | Specifies a descriptive comment for the authentication key. | (Optional) Enter a comment. |
    | **vpn > Manual > manual > Authentication > Key > Ascii Text** | | |
    | None | Specifies that neither the ascii-text nor the hexadecimal key is enabled. | Select the option. |
    | ascii-text | Enables the ASCII text key. | Select the option and enter the ASCII text key. |
    | hexadecimal | Enables the hexadecimal text key. | Select the option and enter the hexadecimal text key. |
    | **vpn > Manual > manual > Encryption** | | |
    | Comment | Supplies a descriptive comment for the encryption option. | (Optional) Enter a comment. |
    | Algorithm | Defines the encryption algorithm. | Select the algorithm from the list. |
    | **vpn > Manual > manual > Encryption > Key** | | |
    | Comment | Specifies a descriptive comment for the encryption key. | (Optional) Enter a comment. |
    | **vpn > Manual > manual > Encryption > Key > Ascii Text** | | |
    | None | Specifies that neither the ascii-text nor the hexadecimal key is enabled. | Select the option. |
    | ascii-text | Enables the ASCII text key. | Select the option and enter the ASCII text key. |
    | hexadecimal | Enables the hexadecimal text key. | Select the option and enter the hexadecimal text key. |
    | **vpn > Manual > ike** | | |
    | Comment | Specifies a descriptive comment for the IKE. | Enter a comment. |
    | Gateway | Specifies the remote gateway name. | Select the gateway from the list. |
    | Idle Time | Specifies the idle time after which the security association (SA) is removed. | Set the idle time. Range: 60 - 999999. |
    | No Anti Replay | Disables the anti-replay check. | Select the No Anti Replay check box. |
    | IPsec Policy | Specifies the name of the IPsec policy. | Select the IPsec policy from the list. |
    | Install Interval | Delays the installation of re-entered outbound SAs on the initiator. | Set the duration of the installation. Range: 1 - 10. |
    | **vpn > Manual > ike > Proxy identity** | | |
    | Enable Feature | Enables the proxy identity feature. | Select the Enable Feature check box to enable this feature. |
    | Comment | Specifies a descriptive comment for the proxy identity option. | (Optional) Enter a comment. |
    | Local | Specifies the local IP address. | Enter the IP address. |
    | Remote | Specifies the remote IP address. | Enter the IP address. |
    | Service | Specifies the name of the service. | Select the service from the list. |
    | **vpn > Vpn Monitor** | | |
    | Enable Feature | Allows you to configure the VPN monitor. | Select the Enable Feature check box to enable this feature. |
    | Comment | Specifies a descriptive comment for the VPN monitor. | (Optional) Enter a comment. |
    | Optimized | Specifies that the VPN monitor is optimized for scalability. | Select the Optimized check box to enable this feature. |
    | Source Interface | Specifies the source interface for monitor messages. | Enter the source interface. |
    | Destination IP | Specifies the destination IP address for monitor messages. | Enter the destination IP address. |

    Configuring VPN Monitor Options (NSM Procedure)

    To configure VPN monitor options:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure the VPN monitor options.
    3. Click the Configuration tab. In the configuration tree, select Security > IPsec > Vpn Monitor Options.
    4. Select the Enable Feature check box from the Vpn Monitor Options workspace.
    5. Add or modify settings as specified in Table 4.
    6. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.
      • Apply—Applies the VPN monitor options.

    Table 4: VPN Monitor Options Configuration Details

    | Option | Function | Your Action |
    |---|---|---|
    | Comment | Supplies a descriptive comment for the VPN monitor options. | Enter a comment. |
    | Interval | Specifies (in seconds) the duration of the monitoring interval. | Set the interval duration. Range: 1 - 3600. |
    | Threshold | Specifies the number of consecutive failures to determine connectivity. | Set the threshold to determine connectivity. Range: 1 - 65536. |
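
    The numeric ranges in Tables 3 and 4, the No Anti Replay check box, and the Perfect Forward Secrecy key can be checked before the settings are entered in NSM. The following Python audit is an added example, not part of the original guide or of NSM; the dictionary layout and key names (idle_time, pfs_keys, key_type, and so on) are assumptions made for illustration.

```python
# Added example: pre-deployment audit of planned IPsec VPN settings.
# Numeric ranges come from Tables 3 and 4 of this page; the dict layout and
# key names are assumptions made for this example, not an NSM export format.
RANGES = {
    ("ike", "idle_time"): (60, 999999),
    ("ike", "install_interval"): (1, 10),
    ("vpn_monitor_options", "interval"): (1, 3600),
    ("vpn_monitor_options", "threshold"): (1, 65536),
}

def audit_vpn(cfg):
    """Return sorted (severity, message) findings for one planned VPN."""
    findings = []
    for (section, field), (lo, hi) in RANGES.items():
        value = cfg.get(section, {}).get(field)
        if value is None:
            continue  # option left unset
        ok = isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi
        if not ok:
            findings.append(("error", f"{section}.{field}={value!r} is outside {lo}-{hi}"))
    if "manual" in cfg:
        # Manual keys stay in place until an administrator replaces them.
        findings.append(("warn", "manual keying: static keys, no automatic rekeying"))
        for part, body in cfg["manual"].items():
            if body.get("key_type", "none") == "none":
                findings.append(("error", f"manual.{part}: no ascii-text or hexadecimal key"))
    if cfg.get("ike", {}).get("no_anti_replay"):
        findings.append(("warn", "ike.no_anti_replay: anti-replay check is disabled"))
    if "ike" in cfg and not cfg.get("policy", {}).get("pfs_keys"):
        findings.append(("warn", "policy: no Perfect Forward Secrecy key selected"))
    return sorted(findings)

# Constructed sample input (not taken from a real device).
SAMPLE = {
    "policy": {"name": "branch-policy", "pfs_keys": None},
    "ike": {"gateway": "branch-gw", "idle_time": 30, "install_interval": 5,
            "no_anti_replay": True},
    "vpn_monitor_options": {"interval": 10, "threshold": 70000},
}

if __name__ == "__main__":
    for severity, message in audit_vpn(SAMPLE):
        print(f"{severity:5} {message}")
```

    Errors are values that fall outside the ranges stated in the tables; warnings are settings that are accepted but weaken replay protection or key freshness and should be a deliberate choice.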

    Published: 2013-01-06