Advanced Services > Vpn Services > Ipsec > Dynamic Map > Transform Set - Dell PowerConnect W-AirWave 7.6 Configuration Manual

IPSec remote peers in your network, a Dynamic Map allows you to accept requests for new security associations
from previously unknown peers. Note that these requests are not processed until the IKE authentication has
completed successfully. In short, a Dynamic Map is a policy template used by IPSEC profiles. Dynamic Maps are
not used for initiating IPSEC security associations, but for determining whether or not traffic should be protected in
the VPN.
To view Dynamic Maps that are currently configured, navigate to Advanced Services > VPN Services > IPSEC >
Dynamic Map. This page lists dynamic map names, IPSEC profiles that reference them, and the folder.
Select Add to create a new Dynamic Map, or click the pencil icon next to an existing map to modify settings. The
Add/Edit Details page contains the fields as described in
Table 35:
Advanced Services > VPN Services > IPSEC > Dynamic Map Add/Edit Fields and Descriptions
Field
General Settings
Folder
Name
Other Settings
Priority
Diffie-Hellman Group
Lifetime
(300-86400 sec)
Transform Set 1-4
Version
Select Add to complete the creation of the Dynamic Map, or click Save to retain changes to an existing Dynamic
Map.
Advanced Services > VPN Services > IPSEC > Dynamic Map > Transform Set
VPN Services may reference IPSEC profiles. Transform sets define the encryption and hash algorithm to be used by
a dynamic map in an IPSEC profile that supports VPN Services.
78 | Configuration Reference
Default Description
Set the folder with which the Dynamic Map is associated. The drop-down menu
Top
displays all folders available for association with the Dynamic Map.
Blank Enter the name of the Dynamic Map.
Specify the priority in which this Dynamic Map should be processed in relation to
additional Dynamic Maps that may be configured and used by IPSEC profiles.
Diffie-Hellman is a key agreement algorithm that allows two parties to agree upon
a shared secret, and is used within IKE to securely establish session keys. To set
the Diffie Hellman Group for the ISAKMP policy, click the Diffie Hellman Group
drop-down list and select one of the following groups:
Group 1: 768-bit Diffie Hellman prime modulus group.
l
Group 2: 1024-bit Diffie Hellman prime modulus group.
l
Group 19: 256-bit random Diffie Hellman ECP modulus group.
l
Group 20: 384-bit random Diffie Hellman ECP modulus group.
l
NOTE: 'EC 256-bit (19)' and 'EC 384-bit (20)' require an Advanced Cryptography
license and a minimum version of 6.1.0.0.
Define the lifetime in seconds for the dynamic map, when deployed in IPSEC
profiles.
From the drop-down menu, select up to four transform sets in the sequence in
which they should be referenced by the Dynamic Map. You can add a new
Transform Set by clicking the add icon, or you can edit an existing Transform Set
by clicking the pencil icon. Refer to
IPSEC > Dynamic Map > Transform Set" on page
1 Select 1 to configure the VPN for IKEv1, or 2 for IKEv2.
Table 35:
"Advanced Services > VPN Services >
Dell PowerConnect W-AirWave 7.6 | Configuration Guide
78.