1 defining the ike configuration, 1 defining the ike configuration -37, Defining the ike configuration – Motorola Series Switch WS5100 User Manual

Switch Security

6-37

6.7.1 Defining the IKE Configuration

Refer to the

Configuration

tab to enable (or disable) IKE and define the IKE identity (for exchanging

identities) and aggressive mode. Aggressive mode enables you to configure Internet Key Exchange (IKE) pre-
shared keys as IPSec tunnel attributes for IP Security (IPSec) peers.

Use IKE to specify IPSec tunnel attributes for an IPSec peer and initiate an IKE aggressive mode negotiation
with the tunnel attributes. This feature is best implemented in a crypto hub scenario. Users initiate IKE
aggressive mode negotiation with the switch using pre-shared keys specified as tunnel attributes and stored
on the Radius server. This scenario is scalable since the keys are kept at a central repository (the Radius
server) and more than one switch and application can use the information.

To view the current set of IKE configurations:

1. Select

Security

>

IKE Settings

from the main menu tree.

2. Click the

Configurations

tab.

During IKE negotiations, peers must identify themselves to one another. Thus, the configuration you define is
the identification medium for device recognition.

3. Set a

Keep Alive

interval (in seconds) the switch uses for monitoring the continued presence of a peer

and report of the client's continued presence to the peer. The client notifies you when the peer is no
longer present.

4. Click the

Apply

button (within the IKE Settings field) to save the configuration.

5. Click the

Revert

(within the IKE Settings field) to rollback to the previous configuration.

NOTE: By default, the IKE feature is enabled on the switch. Motorola does not support
disabling the IKE server.