[Prev][Next][Report an Error]
Configuring an IPsec Phase 2 Proposal—Quick
Configuration
You can use J-Web Quick Configuration to quickly
configure IPsec phase 2 proposals.
Figure 71 shows the quick
configuration page where you can select an existing proposal, or click Add to create a new one.
Figure 71: IPsec Phase 2 Proposal Configuration
Figure 72 shows the quick
configuration page where you create a new proposal.
Figure 72: IPsec Phase 2 Proposal Configuration
To configure an IPsec Phase 2 proposal with Quick
Configuration:
- Select Configuration > Quick Configuration > VPN > IPSec AutoKey.
- Select the IPsec Phase 2 Proposal tab if it is
not selected
- To use an existing proposal, select one from from among
those listed and click one of the following buttons:
- To apply the configuration and stay on the Quick Configuration
page, click Apply.
- To apply the configuration and return to the main Configuration
page, click OK.
- To cancel your entries and return to the main page, click Cancel.
- To configure a new IPsec phase 2 proposal, click Add.
- Fill in the options as described in Table 144.
- Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration
page, click Cancel.
Table 144: IPsec Phase 2 Proposal
Options
|
Field
|
Function
|
Action
|
| IPSec Proposal
(Phase 2) |
|
Name
|
Description of the Phase 2 proposal.
|
Enter a name.
|
|
Description
|
Identify the proposal
|
Enter a text description.
|
|
Authentication algorithm
|
Hash algorithm that authenticates packet data. It can be one
of the following:
- hmac-md5-96—Produces a 128-bit digest.
- hmac-sha1-96—Produces a 160-bit digest.
|
Select a hash algorithm.
|
|
Encryption algorithm
|
Configures an IKE encryption algorithm.
- 3des-cbc—Has a block size of 24 bytes; the key size
is 192 bits long.
- des-cbc—Has a block size of 8 bytes; the key size
is 48 bits long.
- aes-128-cbc—AES 128-bit encryption algorithm.
- aes-192-cbc—AES 192-bit encryption algorithm.
- aes-256-cbc—AES 256-bit encryption algorithm.
|
Select an encryption algorithm.
|
|
Lifetime kilobytes
|
The lifetime (in kilobytes) of an IPsec security association
(SA). The SA is terminated when the specified number of kilobytes
of traffic have passed.
|
Enter a value from 64 through 1,048,576 bytes.
|
|
Lifetime seconds
|
The lifetime (in seconds) of an IKE security association (SA).
When the SA expires, it is replaced by a new SA and security parameter
index (SPI) or terminated.
|
Enter a value from 180 through 86,400 seconds.
|
|
Protocol
|
The type of security protocol.
|
Select a protocol for the proposal.
|
[Prev][Next][Report an Error]
help_page
