
Configuring IPsec Autokey—Quick Configuration

You can use J-Web Quick Configuration to quickly configure IPsec AutoKey.

Figure 67 shows the quick configuration page, where you can select an existing AutoKey VPN, or click Add to create a new one.

Figure 67: IPsec AutoKey Configuration



Figure 68 shows the quick configuration page where you create a new IPsec AutoKey VPN.

Figure 68: IPsec AutoKey Configuration Options


To configure an AutoKey VPN with Quick Configuration:

  1. Select Configuration > Quick Configuration > VPN > IPSec AutoKey.
  2. Select the IPSec AutoKey tab if it is not selected.
  3. To use an existing IPsec AutoKey VPN, select one from among those listed and click one of the following buttons:
  4. To configure a new IPsec AutoKey VPN, click Add.
  5. Fill in the options as described in Table 142.
  6. Click one of the following buttons:

Table 142: IPsec AutoKey Configuration Options




IPsec Autokey VPN

VPN Name

Name of the IPsec tunnel.

Enter a name.

Remote gateway

Name of the remote gateway.

Select a name.

Idle time

The maximum amount of time to allow a security association (SA) to be idle before deleting it.

Specify a value between 60 and 999,999 seconds.

Install interval

The maximum number of seconds to allow the installation of a rekeyed outbound security association (SA) on the device.

Specify a value between 0 and 10 seconds.

IPsec policy

Associate a policy with this IPsec tunnel.

Select a policy.

Disable anti replay

Disable the anti-replay checking feature of IPsec. By default, anti-replay checking is enabled.

Click the check box.

Use proxy identity

Optionally, specify the IPsec proxy identity to use in IKE negotiations. The default behavior is to use the identities taken from the firewall policies.

Click the check box.


Local IP/Netmask

The local IP address and subnet mask for the proxy identity.

Enter an IP address and subnet mask.

Remote IP/Netmask

The remote IP address and subnet mask for the proxy identity.

Enter an IP address and subnet mask.


The service (port and protocol combination) to protect.

Select a service.

Bind to tunnel interface

The tunnel interface to which the route-based virtual private network (VPN) is bound.

Select an interface.

Don't fragment bits

Specifies how the device handles the Don't Fragment (DF) bit in the outer header.

  • clear—Clear (disable) the DF bit from the outer header. This is the default.
  • copy—Copy the DF bit to the outer header.
  • set—Set (enable) the DF bit in the outer header.

Choose an option.

Establish tunnels

Specifies when IKE is activated.

  • immediately—IKE is activated immediately after VPN configuration and configuration changes are committed.
  • on-traffic—IKE is activated only when data traffic flows and must be negotiated.

Choose an option.

Enable VPN monitor

Allows for monitoring of the VPN.

Click the check box.

Destination ip

IP address of the destination peer.

Enter an IP address.


Specifies that the device uses traffic patterns as evidence of peer liveliness. If enabled, ICMP requests are suppressed. This feature is disabled by default.

Click the check box.

Source interface

The source interface for ICMP requests (VPN monitoring “hellos”). If no source interface is specified, the device automatically uses the local tunnel endpoint interface.

Specify a source interface.
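
The limits in Table 142 can also be checked against an exported configuration. The following is an added example, not Juniper code and not part of the original page: it assumes the Junos CLI "set" statement names that correspond to the J-Web fields (the page shows only the GUI), and the VPN names, gateway names and values are constructed sample data.

```python
import re

# Constructed sample: "set"-format lines for two VPNs. The statement names are the
# Junos CLI counterparts of the J-Web fields (an assumption; the page shows only the GUI).
SAMPLE = """\
set security ipsec vpn branch-vpn bind-interface st0.0
set security ipsec vpn branch-vpn df-bit copy
set security ipsec vpn branch-vpn ike gateway branch-gw
set security ipsec vpn branch-vpn ike idle-time 30
set security ipsec vpn branch-vpn ike install-interval 12
set security ipsec vpn branch-vpn ike no-anti-replay
set security ipsec vpn branch-vpn establish-tunnels sometimes
set security ipsec vpn hq-vpn ike gateway hq-gw
set security ipsec vpn hq-vpn ike idle-time 600
"""

LINE = re.compile(r"^set security ipsec vpn (\S+) (.+)$")
# Numeric limits and option lists as stated in Table 142.
RANGES = {"ike idle-time": (60, 999_999), "ike install-interval": (0, 10)}
CHOICES = {"df-bit": {"clear", "copy", "set"},
           "establish-tunnels": {"immediately", "on-traffic"}}

def audit(config_text):
    """Return {vpn_name: [finding, ...]} for settings outside Table 142's limits."""
    vpns = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            vpns.setdefault(m.group(1), []).append(m.group(2))
    report = {}
    for name, stmts in vpns.items():
        findings = []
        for stmt in stmts:
            # Split "ike idle-time 30" into statement "ike idle-time" and value "30".
            key, _, value = stmt.rpartition(" ")
            if key in RANGES:
                lo, hi = RANGES[key]
                if not (value.isdigit() and lo <= int(value) <= hi):
                    findings.append(f"{key} {value}: outside {lo}-{hi} seconds")
            elif key in CHOICES and value not in CHOICES[key]:
                findings.append(f"{key} {value}: not one of {sorted(CHOICES[key])}")
        # Anti-replay is on by default; flag any VPN where it was turned off.
        if "ike no-anti-replay" in stmts:
            findings.append("anti-replay checking disabled (enabled by default)")
        report[name] = findings
    return report
```

Calling audit(SAMPLE) returns an empty list for hq-vpn and four findings for branch-vpn: the two out-of-range timers, the unknown establish-tunnels value, and the disabled anti-replay check.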
