[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring IPsec Autokey—Quick Configuration

You can use J-Web Quick Configuration to quickly configure IPsec AutoKey.

Before You Begin
For background information, read Configuring an IPsec Policy—Quick Configuration.

Figure 100 shows the quick configuration page, where you can select an existing AutoKey VPN, or click Add to create a new one.

Figure 100: IPsec AutoKey Configuration

Image QC_ipsec_auto.gif

Figure 101 shows the quick configuration page where you create a new IPsec AutoKey VPN.

Figure 101: lPSec AutoKey Configuration Options

Image QC_ipsec_auto_add.gif

To configure an AutoKey VPN with Quick Configuration:

Select Configuration > Quick Configuration > VPN > IPSec AutoKey.
Select the IPSec AutoKey tab if it is not selected.
To use an existing IPsec AutoKey VPN, select one from among those listed and click one of the following buttons:
- To apply the configuration and stay on the Quick Configuration page, click Apply.
- To apply the configuration and return to the main Configuration page, click OK.
- To cancel your entries and return to the main page, click Cancel
To configure a new ISec AutoKey VPN, click Add.
Fill in the options as described in Table 70.
Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration page, click Cancel.

Table 70: IPsec AutoKey Configuration Options

Field	Function	Action
IPsec Autokey VPN
VPN Name	Name of the IPsec tunne.l	Enter a name.
Remote gateway	Name of the remote gateway.	Select a name.
Idle time	The maximum amount of time to allow a security association (SA) to be idle before deleting it.	Specify a value between 60 and 999,999 seconds.
Install interval	The maximum number of seconds to allow the installation of a rekeyed outbound security association (SA) on the device.	Specify a value between 0 and 10 seconds.
IPsec policy	Associate a policy with this IPsec tunnel.	Select a policy.
Disable anti replay	Disable the anti-replay checking feature of IPsec. By default, anti-replay checking is enabled.	Click the check box.
Use proxy identity	Optionally, specify the IPsec proxy identify to use in IKE negotiations. The default behavior is to use the identities taken from the firewall policies.	Click the check box.
Local IP/Netmask	The local IP address and subnet mask for the proxy identity.	Enter an IP address and subnet mask.
Remote IP/Netmask	The remote IP address and subnet mask for the proxy identity.	Enter an IP address and subnet mask.
Service	The service (port and protocol combination) to protect.	Select a service.
Bind to tunnel interface	The tunnel interface to which the route-based virtual private network (VPN) is bound.	Select an interface.
Don't fragment bits	Specifies how the device handles the Don't Fragment (DF) bit in the outer header. clear—Clear (disable) the DF bit from the outer header. This is the default. copy—Copy the DF bit to the outer header. set—Set (enable) the DF bit in the outer header.	Choose an option.
Establish tunnels	Specifies when IKE is activated. immediately—IKE is activated immediately after VPN configuration and configuration changes are committed. on-traffic—IKE is activated only when data traffic flows and must be negotiated.	Choose an option.
Enable VPN monitor	Allows for monitoring of the VPN.	Click the check box.
Destination ip	IP address of the destination peer.	Enter an IP address.
Optimized	Specifies that the device uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default.	Click the check box.
Source interface	The source interface for ICMP requests (VPN monitoring “ hellos” ). If no source interface is specified, the device automatically uses the local tunnel endpoint interface.	Specify a source interface.

[Contents] [Prev] [Next] [Index] [Report an Error]