Configuring an IKE Phase 1 Proposal—Quick Configuration

You can use J-Web Quick Configuration to quickly configure an IKE Phase 1 proposal.

To configure an IKE proposal with Quick Configuration:

Select Configuration > Quick Configuration > VPN > IKE.
The figure below shows the quick configuration page where can you select an existing Phase 1 proposal, or click Add to create a new one.

Figure 53: IKE Phase 1 Proposal Configuration
Select the Phase 1 Proposal tab if it is not selected.
To use an existing proposal, select it from among those listed and click one of the following buttons:
- To apply the configuration and stay on the Quick Configuration page, click Apply.
- To apply the configuration and return to the main Configuration page, click OK.
- To cancel your entries and return to the main page, click Cancel.
To configure a new IKE policy, click Add.
The figure below shows the quick configuration page where you create a new IKE proposal.

Figure 54: IKE Phase 1 Proposal Configuration Options
Fill in the options as described in the table below.
Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration page, click Cancel.

Table 123: Phase 1 Proposal Configuration Options

Field	Function	Action
IKE Proposal (Phase 1)
Name	The name of the proposal.	Enter a name.
Authentication algorithm	The Authentication Header (AH) algorithm the Services Router uses to verify the authenticity and integrity of a packet. Supported algorithms include the following: md5—Produces a 128-bit digest. sha1—Produces a 160-bit digest. sha-256—Produces a 256-bit digest.	Select an authentication method.
Description	Easy identification of the proposal.	Enter brief description of the IKE proposal.
Dh group	The Diffie-Hellman exchange allows participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection.	Select a group. If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals.
Encryption altorithm	Supported Internet Key Exchange (IKE) proposals include the following: 3des-cbc—3DES-CBC encryption algorithm. aes-128-cbc—AES-CBC 128-bit encryption algorithm. aes-192-cbc—AES-CBC 192-bit encryption algorithm. aes-256-cbc—AES-CBC 256-bit encryption algorithm. des-cbc—DES-CBC encryption algorithm.	Select an encryption algorithm.
Lifetime seconds	The lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated.	Select a lifetime for the IKE SA. Default: 3,600 seconds. Range: 180 through 86,400 seconds.