An IKE proposal determines the authentication method, authentication and encryption algorithms, lifetime for the authentication and encryption keys, and the Diffie-Hellman group that determines the cryptographic strength of the key negotiation. You can configure one or more IKE proposals.
To configure an IKE proposal:
Table 30: Configuring IKE Proposal
| Task | J-Web Configuration Editor | CLI Configuration Editor |
|---|---|---|
| Navigate to the Services>Ipsec vpn>Ike level in the configuration hierarchy. | | From the [edit] hierarchy level, enter `edit services ipsec-vpn ike` |
| Configure an IKE proposal—for example, ike-dynamic-proposal—that defines the authentication method, authentication and encryption algorithms, and the lifetime of the keys. | | Enter `set proposal ike-dynamic-proposal` |
| Configure the authentication algorithm—for example, sha1. | In the Authentication algorithm box, select sha1. | Enter `set proposal ike-dynamic-proposal authentication-algorithm sha1` |
| Configure the authentication method—for example, pre-shared-keys. Note: Alternatively, you can use digital certificates as an authentication method. For details, see Configuring Digital Certificates for IPsec Tunnels. | In the Authentication method box, select pre-shared-keys. | Enter `set proposal ike-dynamic-proposal authentication-method pre-shared-keys` |
| Configure the Diffie-Hellman group to be used for key negotiations—for example, group1. | In the Dh group box, select group1. | Enter `set proposal ike-dynamic-proposal dh-group group1` |
| Configure an encryption algorithm—for example, 3des-cbc. | In the Encryption algorithm box, select 3des-cbc. | Enter `set proposal ike-dynamic-proposal encryption-algorithm 3des-cbc` |
| Configure the lifetime (in seconds) of the encryption and authentication keys—for example, 3600. | | Enter `set proposal ike-dynamic-proposal lifetime-seconds 3600` |
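
The example values in the table (sha1, group1, 3des-cbc) are legacy choices, so it is worth checking what a proposal actually negotiates before deploying it. The following Python helper is an added example, not Juniper code: it audits `set proposal` lines like those above. The function names, the list of values treated as weak, and the set of options expected to be set explicitly are assumptions of this example.

```python
import re

# Assumption of this example (general crypto guidance, not Juniper's text):
# which values count as weak, and which options should be set explicitly.
WEAK = {
    ("authentication-algorithm", "md5"): "MD5 is a broken hash",
    ("authentication-algorithm", "sha1"): "SHA-1 is legacy; prefer SHA-2",
    ("dh-group", "group1"): "768-bit MODP group",
    ("dh-group", "group2"): "1024-bit MODP group",
    ("encryption-algorithm", "des-cbc"): "56-bit key",
    ("encryption-algorithm", "3des-cbc"): "64-bit block cipher",
}
REQUIRED = ("authentication-algorithm", "dh-group", "encryption-algorithm")
# Matches the relative form (at [edit services ipsec-vpn ike]) and the absolute form.
SET_RE = re.compile(
    r"^\s*set\s+(?:services\s+ipsec-vpn\s+ike\s+)?proposal\s+(\S+)(?:\s+(\S+)\s+(\S+))?\s*$")

def parse_proposals(text):
    """Map proposal name -> {option: value}; a later set overrides an earlier one."""
    proposals = {}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if m:
            name, option, value = m.groups()
            proposals.setdefault(name, {}).update({option: value} if option else {})
    return proposals

def audit(text):
    """Return sorted (proposal, option, finding) tuples for weak or unset options."""
    findings = []
    for name, settings in parse_proposals(text).items():
        for option in REQUIRED:
            value = settings.get(option)
            if value is None:
                findings.append((name, option, "not set explicitly"))
            elif (option, value) in WEAK:
                findings.append((name, option, f"{value}: {WEAK[(option, value)]}"))
    return sorted(findings)

# Constructed input: the CLI commands from the table above.
SAMPLE = """\
set proposal ike-dynamic-proposal authentication-algorithm sha1
set proposal ike-dynamic-proposal authentication-method pre-shared-keys
set proposal ike-dynamic-proposal dh-group group1
set proposal ike-dynamic-proposal encryption-algorithm 3des-cbc
set proposal ike-dynamic-proposal lifetime-seconds 3600
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the table's commands, the audit reports all three algorithm choices; replace each with the strongest option that both IKE peers support.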