[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Configuring an IPsec Policy

An IPsec policy defines a combination of security parameters (IPsec proposals) used during IPsec negotiation. During the IPsec negotiation, IPsec looks for an IPsec proposal that is the same on both peers. The peer that initiates the negotiation sends all its policies to the remote peer, and the remote peer tries to find a match.

A match is made when both policies from the two peers have a proposal that contains the same configured attributes. If the lifetimes are not identical, the shorter lifetime between the two policies (from the host and peer) is used.

To configure an IPsec policy:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 33.
  3. Go on to Configuring IPsec Rules.

Table 33: Configuring IPsec Policy

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Services>Ipsec vpn>Ipsec level in the configuration hierarchy.
  1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
  2. Next to Services, click Configure or Edit.
  3. Next to Ipsec vpn, click Configure.
  4. Next to Ipsec, click Configure.

From the [edit] hierarchy level, enter

edit services ipsec-vpn ipsec

Configure an IPsec policy—for example, ipsec-dynamic-policy.
  1. Next to Policy, click Add new entry.
  2. In the Name box, type ipsec-dynamic-policy.

Enter

set policy ipsec-dynamic-policy

Configure the IPsec proposal to be used for the IPsec policy—for example, ipsec-dynamic-proposal.

  1. Next to Proposals, click Add new entry.
  2. In the Value keyword, type ipsec-dynamic-proposal.
  3. Click OK until you return to the main Configuration page.

Enter

set policy ipsec-dynamic-policy proposals ipsec-dynamic-proposa

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]