Ikev1 Phase 1 (Authentication) - HP Jetdirect J7974E Administrator's Manual

NOTE
on this page, subsequent configuration pages will differ when you click Next.
Table 5-7 Create IPsec Template page
Item
IPsec Template Name
Authentication Type

IKEv1 Phase 1 (Authentication)

Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to
configure SA parameters for authentication and to securely generate IPsec session keys for encryption
and hashing algorithms. Items on this page are described below.
Table 5-8 IKE Phase 1 (Authentication) page
Item
Diffie-Hellman Groups
SA Lifetime
Negotiation Mode
ENWW
Depending on your selection of the authentication type (dynamic keys or manual keys)
Description
Enter a name for a custom IPsec template in the edit box. This name will be added to
the Step 3-Specify IPsec Template page.
Hosts specified in the Address template must negotiate IPsec security settings during
a session. During negotiation, authentication must occur to validate sender/receiver
identities. Select one of the following authentication types.
Dynamic Keys: Use Internet Key Exchange (IKE) protocols for authentication and
encryption and to create Security Associations . You must select one of the following
methods:
●
Pre-Shared Key: Enter a pre-shared key (ASCII string) that is shared by all hosts
specified by this rule. If a pre-shared key is used, it should be protected; any host
that knows this key may be authenticated.
●
Certificates: Certificates may be used for authentication. A self-signed Jetdirect
certificate is pre-installed by factory default, and can be replaced. In addition, a CA
certificate must be installed for server authentication. For information on
requesting, configuring and installing certificates, see
After selecting a dynamic key method, you must configure IKE parameters using the
IKEv1 Phase 1 (Authentication) page.
Manual Keys: Select this option to configure encryption keys and create Security
Associations manually through the Manual Keys page.
Description
(Required) A Diffie-Hellman exchange allows a secret key and security services to be
securely exchanged between two hosts over an unprotected network. A Diffie-Hellman
group determines the parameters to use during a Diffie-Hellman exchange. Multiple
well-known Diffie-Hellman groups are provided and can be selected.
Selecting all the groups will result in a single negotiated group.
(Required) Specify the lifetime, in seconds, that the keys associated with this Security
Association will be valid.
(Required) IKE provides two modes of negotiation during an exchange for keys and
security services to be used for a Security Association:
Main: This mode features identity protection between the hosts and is slower but secure.
NOTE The IPsec template name must be unique.
Configuring
HP Jetdirect IPsec/Firewall Wizard
Certificates.
101