Setting Ike Policies - Motorola RFS Series Reference Manual

Wireless lan switches wing system

6-44 Motorola RF Switch System Reference Guide
9. If the properties of an existing peer IP address, key and aggressive mode designation are no longer relevant and cannot be edited, click the Add button to create a new pre-shared key.
a. Select the Peer IP Address checkbox to associate an IP address with the specific tunnel used by a group of peers, or select the Distinguished Name checkbox to configure the switch to restrict access to those peers with the same distinguished name, or select the Hostname checkbox to allow shared-key messages between corresponding hostnames.
b. Define the Key (string ID) a remote peer uses to look up the pre-shared key to interact securely with peers within the tunnel.
c. Select the Aggressive Mode checkbox (if required). Aggressive mode enables you to configure IKE pre-shared keys as RADIUS tunnel attributes for IP Security (IPSec) peers.
d. Refer to the Status field for the current state of requests made from the applet. This field displays error messages if something is wrong in the transaction between the applet and the switch.
e. Click OK to use the changes to the running configuration and close the dialog.
f. Click Cancel to close the dialog without committing updates to the running configuration.

6.7.2 Setting IKE Policies

Each IKE negotiation is divided into two phases. Phase 1 creates the first tunnel (protecting later IKE negotiation messages) and phase 2 creates the tunnel protecting the data. To define the terms of the IKE negotiation, create one or more IKE policies. Include the following:
• An authentication scheme to ensure the credentials of the peers
• An encryption scheme to protect the data
• An HMAC method to ensure the identity of the sender and to validate that a message has not been altered
• A Diffie-Hellman group establishing the strength of the encryption-key algorithm
• A time limit for how long the encryption key is used before it is replaced
If IKE policies are not defined, the switch uses the default policy (with a default priority of 10001), which contains the default values. When IKE negotiations begin, the peer initiating the negotiation sends its policies to the remote peer. The remote peer searches for a match with its own policies using the defined priority scheme.
An IKE policy matches when both peers' policies have the same encryption, hash, authentication and Diffie-Hellman settings. The SA lifetime must also be less than or equal to the lifetime in the policy sent. If the lifetimes do not match, the shorter lifetime applies. If no match exists, IKE refuses negotiation.
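The IKE policy matching rules from section 6.7.2, written out as an added example (not code from the manual or the switch firmware), useful for checking which policy a given pair of peers would actually settle on. It assumes a lower priority number is tried first, that the responder walks its own policies in that order, and that the lifetime rule means the responder's lifetime must not exceed the offered one; the algorithm names and values are constructed samples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IkePolicy:
    priority: int        # assumption: lower number is tried first
    encryption: str
    hash_alg: str
    authentication: str
    dh_group: int
    lifetime: int        # seconds

    def suite(self):
        """The four settings that must be identical on both peers."""
        return (self.encryption, self.hash_alg, self.authentication, self.dh_group)

def negotiate(offered, local):
    """Return (local_policy, offered_policy, lifetime), or None if IKE refuses."""
    for mine in sorted(local, key=lambda p: p.priority):
        for theirs in offered:
            if mine.suite() != theirs.suite():
                continue
            # Lifetime rule as read here: the local SA lifetime must not
            # exceed the lifetime in the policy sent; the shorter one applies.
            if mine.lifetime <= theirs.lifetime:
                return mine, theirs, min(mine.lifetime, theirs.lifetime)
    return None

# Constructed sample policies (illustrative names, not the switch's option strings).
RESPONDER = [
    IkePolicy(20, "aes-256", "sha", "pre-share", 5, 28800),
    IkePolicy(10, "aes-128", "sha", "pre-share", 2, 3600),
    IkePolicy(30, "3des", "md5", "pre-share", 2, 86400),
]
INITIATOR = [
    IkePolicy(1, "3des", "md5", "pre-share", 2, 43200),    # suite matches, lifetime rule fails
    IkePolicy(2, "aes-256", "sha", "pre-share", 5, 86400),
    IkePolicy(3, "aes-128", "sha", "pre-share", 2, 7200),
]

if __name__ == "__main__":
    result = negotiate(INITIATOR, RESPONDER)
    if result is None:
        print("no matching IKE policy: negotiation refused")
    else:
        mine, theirs, lifetime = result
        print(f"local priority {mine.priority} matched offer {theirs.priority}, "
              f"lifetime {lifetime}s")
```

With these samples the responder's priority 10 policy wins even though the initiator listed a stronger suite earlier, which is why the priority order on the responding side deserves review.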


This manual is also suitable for:

WS5100 3.3, RFS6000 3.3, RFS7000 1.3
