Figure 115: VPN IPsec: IPsec Wizard - IKE Settings
1. By default, Use Default IKE Policy check box is enabled.
An IKE policy 'default' is created in your system. If an IKE policy is not
configured, the 'default' IKE policy is applied to the IPsec profile. Following
are the default values for IKE policy 'default':
•
Default Perfect Forward Secrecy (PFS) group in IKE policy: pfs group2
•
Default IKE lifetime in seconds: 86400
•
Default IPsec security-association lifetime in seconds: 28800
•
Default proposal in IKE policy: sha1-aes128
Retain the default values or configure as required.
2. Configure IKE setting as required. To do the same, uncheck the Use Default IKE
Policy check box.
•
Here you have two options: Configure a new IKE policy or use an already
created IKE Policy.
Configure New IKE Policy
i.
ii. Select the predefined PFS group in PFS drop-down list.
iii. Enter the lifetime for the IKE policy in Lifetime (Sec) field.
iv. Enter the IPsec SA lifetime in the IPsec SA Lifetime (Sec) and IPsec SA
v. Select the encryption algorithm in the IKE Proposal box. Maximum of four
Web GUI Users Guide
Beta
Enter the name for IKE policy in the IKE Policy Name field.
Lifetime (KB) field.
proposals can be associated with an IKE policy. The system prompts if
more than four encryption algorithms are selected.
Alcatel-Lucent
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
Configure
191
Beta