[Prev][Next][Report an Error]

Configuring an IPSec Phase 2 Proposal—Quick Configuration

You can use J-Web Quick Configuration to quickly configure IPSec phase 2 proposals.

To configure an IPSec Phase 2 proposal with Quick Configuration:

  1. Select Configuration > Quick Configuration > VPN > IPSec AutoKey.

    The figure below shows the quick configuration page where you can select an existing proposal, or click Add to create a new one.

    Figure 63: IPSec Phase 2 Proposal Configuration

    IPSec Phase 2 Proposal Configuration

  2. Select the IPSec Phase 2 Proposal tab if it is not selected.
  3. To use an existing proposal, select one from from among those listed and click one of the following buttons:

  4. To configure a new IPSec phase 2 proposal, click Add.

    The figure below shows the quick configuration page where you create a new proposal.

    Figure 64: IPSec Phase 2 Proposal Configuration

    IPSec Phase 2 Proposal Configuration

  5. Fill in the options as described in the table below.
  6. Click one of the following buttons:

Table 128: IPSec Phase 2 Proposal Options

Field

Function

Action

IPSec Proposal (Phase 2)

Name

Description of the Phase 2 proposal.

Enter a name.

Description

Identify the proposal

Enter a text description.

Authentication algorithm

Hash algorithm that authenticates packet data. It can be one of the following:

  • hmac-md5-96—Produces a 128-bit digest.
  • hmac-sha1-96—Produces a 160-bit digest.

Select a hash algorithm.

Encryption algorithm

Configures an IKE encryption algorithm.

  • 3des-cbc—Has a block size of 24 bytes; the key size is 192 bits long.
  • des-cbc—Has a block size of 8 bytes; the key size is 48 bits long.
  • aes-128-cbc—AES 128-bit encryption algorithm.
  • aes-192-cbc—AES 192-bit encryption algorithm.
  • aes-256-cbc—AES 256-bit encryption algorithm.

Select an encryption algorithm.

Lifetime kilobytes

The lifetime (in kilobytes) of an IPSec security association (SA). The SA is terminated when the specified number of kilobytes of traffic have passed.

Enter a value from 64 through 1,048,576 bytes.

Lifetime seconds

The lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated.

Enter a value from 180 through 86,400 seconds.

Protocol

The type of security protocol.

Select a protocol for the proposal.


[Prev][Next][Report an Error]