
Configuring IPSec Autokey—Quick Configuration

You can use J-Web Quick Configuration to quickly configure IPSec AutoKey.

Before You Begin

For background information, read Configuring an IPSec Policy—Quick Configuration.

To configure an AutoKey VPN with Quick Configuration:

  1. Select Configuration > Quick Configuration > VPN > IPSec AutoKey.

    The figure below shows the quick configuration page, where you can select an existing AutoKey VPN, or click Add to create a new one.

    Figure 59: IPSec AutoKey Configuration


  2. Select the IPSec AutoKey tab if it is not selected.
  3. To use an existing IPSec AutoKey VPN, select one from among those listed and click one of the following buttons:

  4. To configure a new IPSec AutoKey VPN, click Add.

    The figure below shows the quick configuration page where you create a new IPSec AutoKey VPN.

    Figure 60: IPSec AutoKey Configuration Options


  5. Fill in the options as described in the table below.
  6. Click one of the following buttons:

Table 115: IPSec AutoKey Configuration Options

| Field | Function | Action |
| --- | --- | --- |
| IPSec AutoKey VPN | | |
| VPN Name | Name of the IPSec tunnel. | Enter a name. |
| Remote gateway | Name of the remote gateway. | Select a name. |
| Idle time | The maximum amount of time to allow a security association (SA) to be idle before deleting it. | Specify a value between 60 and 999,999 seconds. |
| Install interval | The maximum number of seconds to allow the installation of a rekeyed outbound security association (SA) on the router. | Specify a value between 0 and 10 seconds. |
| IPSec policy | Associate a policy with this IPSec tunnel. | Select a policy. |
| Disable anti replay | Disable the anti-replay checking feature of IPSec. By default, anti-replay checking is enabled. | Click the check box. |
| Use proxy identity | Optionally, specify the IPSec proxy identity to use in IKE negotiations. The default behavior is to use the identities taken from the firewall policies. | Click the check box. |
| Local IP/Netmask | The local IP address and subnet mask for the proxy identity. | Enter an IP address and subnet mask. |
| Remote IP/Netmask | The remote IP address and subnet mask for the proxy identity. | Enter an IP address and subnet mask. |
| Service | The service (port and protocol combination) to protect. | Select a service. |
| Bind to tunnel interface | The tunnel interface to which the route-based virtual private network (VPN) is bound. | Select an interface. |
| Don’t fragment bits | Specifies how the router handles the Don’t Fragment (DF) bit in the outer header. • clear—Clear (disable) the DF bit from the outer header. This is the default. • copy—Copy the DF bit to the outer header. • set—Set (enable) the DF bit in the outer header. | Choose an option. |
| Establish tunnels | Specifies when IKE is activated. • immediately—IKE is activated immediately after VPN configuration and configuration changes are committed. • on-traffic—IKE is activated only when data traffic flows and must be negotiated. | Choose an option. |
| Enable VPN monitor | Allows for monitoring of the VPN. | Click the check box. |
| Destination ip | IP address of the destination peer. | Enter an IP address. |
| Optimized | Specifies that the router uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default. | Click the check box. |
| Source interface | The source interface for ICMP requests (VPN monitoring “hellos”). If no source interface is specified, the router automatically uses the local tunnel endpoint interface. | Specify a source interface. |
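
The following added example (not part of the original documentation) checks a planned set of AutoKey VPN values against the ranges and options listed in Table 115 before they are entered in J-Web, and flags a tunnel whose anti-replay checking has been disabled. The dictionary keys, function names and sample values are assumptions made for the illustration.

```python
import ipaddress

# Ranges and option lists come from Table 115; the dict keys are hypothetical.
RANGES = {"idle_time": (60, 999_999), "install_interval": (0, 10)}  # seconds
CHOICES = {"df_bit": {"clear", "copy", "set"},
           "establish_tunnels": {"immediately", "on-traffic"}}


def _parses(parser, value):
    """True if the given ipaddress parser accepts value."""
    try:
        parser(str(value))
        return True
    except ValueError:
        return False


def _is_network(value):
    # Accepts both 10.1.1.0/24 and 10.1.1.0/255.255.255.0 notation.
    return _parses(lambda v: ipaddress.ip_network(v, strict=False), value)


def audit_autokey_vpn(cfg):
    """Return findings for one AutoKey VPN settings dict (empty list = clean)."""
    findings = []
    for key, (low, high) in RANGES.items():
        if key in cfg and not low <= cfg[key] <= high:
            findings.append(f"{key}: {cfg[key]} is outside {low}-{high} seconds")
    for key, allowed in CHOICES.items():
        if key in cfg and cfg[key] not in allowed:
            findings.append(f"{key}: {cfg[key]!r} is not one of {sorted(allowed)}")
    if cfg.get("disable_anti_replay"):
        findings.append("disable_anti_replay: anti-replay checking is turned off")
    if cfg.get("use_proxy_identity"):
        for key in ("local_ip", "remote_ip"):
            if not _is_network(cfg.get(key)):
                findings.append(f"{key}: not a valid IP address and netmask")
    if cfg.get("enable_vpn_monitor") and not _parses(ipaddress.ip_address,
                                                     cfg.get("destination_ip")):
        findings.append("destination_ip: not a valid IP address")
    return findings


# Constructed sample settings, not taken from any real device.
GOOD = {"vpn_name": "branch-vpn", "remote_gateway": "branch-gw", "ipsec_policy": "std-policy",
        "idle_time": 600, "install_interval": 1, "df_bit": "clear",
        "establish_tunnels": "immediately", "disable_anti_replay": False,
        "use_proxy_identity": True, "local_ip": "10.1.1.0/24",
        "remote_ip": "10.2.2.0/255.255.255.0",
        "enable_vpn_monitor": True, "destination_ip": "192.0.2.10"}
WEAK = dict(GOOD, idle_time=30, install_interval=15, df_bit="keep",
            disable_anti_replay=True, remote_ip="10.2.2.0/33", destination_ip="192.0.2.300")
```
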

