Configuring Ike Policies - Cisco RV120W Administration Manual

Configuring Virtual Private Networks (VPNs) and Security
Configuring Advanced VPN Parameters
STEP 1
STEP 2
STEP 3
STEP 4
STEP 5
Cisco RV120W Administration Guide

Configuring IKE Policies

The Internet Key Exchange (IKE) protocol dynamically exchanges keys between
two IPsec hosts. You can create IKE policies to define the security parameters
such as authentication of the peer, encryption algorithms, etc. to be used in this
process. Be sure to use compatible encryption, authentication, and key-group
parameters for the VPN policy.
To configure IKE Policies:
Choose VPN > IPsec > Advanced VPN Setup. In the IKE Policy table, click Add.
Under Policy Name, enter a unique name for the policy for identification and
management purposes.
Under Direction/Type, choose one of the following connection methods:
• Initiator—The router will initiate the connection to the remote end.
• Responder—The router will wait passively and respond to remote IKE
requests.
• Both—The router will work in either Initiator or Responder mode.
Under Exchange Mode, choose one of the following options:
• Main—This mode negotiates the tunnel with higher security, but is slower.
• Aggressive—This mode establishes a faster connection, but with lowered
security.
If either the Local or Remote identifier type is not an IP address, then
NOTE
negotiation is only possible in Aggressive Mode. If FQDN, User FQDN or DER
ASN1 DN is selected, the router disables Main mode and sets the default to
Aggressive mode.
In the Local section, under Identifier Type, choose the Internet Security
Association and Key Management Protocol (ISAKMP) identifier for this router:
• Local WAN (Internet) IP
• FQDN
• User-FQDN
• DER ASN1 DN
5
95