[Prev][Next][Report an Error]

Configuring an IKE Phase 1 Proposal—Quick Configuration

You can use J-Web Quick Configuration to quickly configure an IKE Phase 1 proposal.

To configure an IKE proposal with Quick Configuration:

  1. Select Configuration > Quick Configuration > VPN > IKE.

    The figure below shows the quick configuration page where can you select an existing Phase 1 proposal, or click Add to create a new one.

    Figure 53: IKE Phase 1 Proposal Configuration

    IKE Phase 1 Proposal Configuration

  2. Select the Phase 1 Proposal tab if it is not selected.
  3. To use an existing proposal, select it from among those listed and click one of the following buttons:

  4. To configure a new IKE policy, click Add.

    The figure below shows the quick configuration page where you create a new IKE proposal.

    Figure 54: IKE Phase 1 Proposal Configuration Options

    IKE Phase 1 Proposal Configuration Options

  5. Fill in the options as described in the table below.
  6. Click one of the following buttons:

Table 112: Phase 1 Proposal Configuration Options

Field

Function

Action

IKE Proposal (Phase 1)

Name

The name of the proposal.

Enter a name.

Authentication algorithm

The Authentication Header (AH) algorithm the Services Router uses to verify the authenticity and integrity of a packet. Supported algorithms include the following:

  • md5—Produces a 128-bit digest.
  • sha1—Produces a 160-bit digest.
  • sha-256—Produces a 256-bit digest.

Select an authentication method.

Description

Easy identification of the proposal.

Enter brief description of the IKE proposal.

Dh group

The Diffie-Hellman exchange allows participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection.

Select a group. If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals.

Encryption altorithm

Supported Internet Key Exchange (IKE) proposals include the following:

  • 3des-cbc—3DES-CBC encryption algorithm.
  • aes-128-cbc—AES-CBC 128-bit encryption algorithm.
  • aes-192-cbc—AES-CBC 192-bit encryption algorithm.
  • aes-256-cbc—AES-CBC 256-bit encryption algorithm.
  • des-cbc—DES-CBC encryption algorithm.

Select an encryption algorithm.

Lifetime seconds

The lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated.

Select a lifetime for the IKE SA. Default: 3,600 seconds. Range: 180 through 86,400 seconds.


[Prev][Next][Report an Error]