Setting IKE Policies – Motorola Series Switch WS5100 User Manual

Page 262


6-38 WS5100 Series Switch System Reference Guide

6. Refer to the Pre-shared Keys field to review the following information:

7. Highlight an existing set of pre-shared Keys and click the Edit button to revise the existing peer IP address, key and aggressive mode designation.

8. Select an existing entry and click the Delete button to remove it within the table.

9. If the properties of an existing peer IP address, key and aggressive mode designation are no longer relevant and cannot be edited to be useful, click the Add button to create a new pre-shared key.

a. Select the Peer IP Address checkbox to associate an IP address with the specific tunnel used by a group of peers, or select the Distinguished Name checkbox to configure the switch to restrict access to those peers with the same distinguished name, or select the Hostname checkbox to allow shared-key messages between corresponding hostnames.

b. Define the Key (string ID) a remote peer uses to look up the pre-shared key to interact securely with peers within the tunnel.

c. Select the Aggressive Mode checkbox if required. Aggressive mode enables you to configure Internet Key Exchange (IKE) pre-shared keys as RADIUS tunnel attributes for IP Security (IPSec) peers.

d. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

e. Click OK to use the changes to the running configuration and close the dialog.

f. Click Cancel to close the dialog without committing updates to the running configuration.
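An added example, not from the Motorola guide: a Python check over a hand-made CSV transcription of the Pre-shared Keys table that flags entries with aggressive mode enabled, short keys and keys reused across peers. The CSV layout, the sample rows and the 20-character threshold are assumptions; the aggressive-mode check reflects that IKEv1 aggressive mode exchanges the pre-shared-key hash unencrypted.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a hand-made CSV transcription of the Pre-shared Keys table
# (columns follow the table's fields; this is not a WS5100 export format).
SAMPLE_TABLE = """peer,aggressive_mode,key
192.0.2.10,yes,Summer2024
192.0.2.11,no,k9$Tq7!vLp2#xWz8RmB4
branch-gw.example.net,no,Summer2024
192.0.2.12,yes,q3&Zr8@Nf5^Jd1*Hs6Yc
"""

MIN_KEY_LENGTH = 20  # assumed local policy threshold, not a vendor value


def audit_psk_table(text, min_len=MIN_KEY_LENGTH):
    """Return {peer: [findings]} for every entry that needs attention."""
    rows = list(csv.DictReader(io.StringIO(text)))
    peers_by_key = defaultdict(list)
    for row in rows:
        peers_by_key[row["key"]].append(row["peer"])

    findings = defaultdict(list)
    for row in rows:
        peer, key = row["peer"], row["key"]
        aggressive = row["aggressive_mode"].strip().lower() == "yes"
        short = len(key) < min_len
        if short:
            findings[peer].append("key shorter than %d characters" % min_len)
        if len(peers_by_key[key]) > 1:
            others = [p for p in peers_by_key[key] if p != peer]
            findings[peer].append("key shared with " + ", ".join(others))
        if aggressive:
            # IKEv1 aggressive mode sends the PSK-derived hash unencrypted,
            # so a weak key can be guessed offline from a captured exchange.
            note = "aggressive mode enabled"
            if short:
                note += " with a short key (highest priority)"
            findings[peer].append(note)
    return dict(findings)


if __name__ == "__main__":
    for peer, notes in audit_psk_table(SAMPLE_TABLE).items():
        print(peer)
        for n in notes:
            print("  - " + n)
```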

6.7.2 Setting IKE Policies

Each IKE negotiation is divided into two phases. Phase 1 creates the first tunnel (protecting later IKE
negotiation messages) and phase 2 creates the tunnel protecting the data. To define the terms of the IKE
negotiation, create one or more IKE policies, including the following:

Peer IP Address: Use the Peer IP Address to associate an IP address with the specific tunnel used by a group of peers.

Aggressive Mode: Displays whether aggressive mode is enabled for this IP address and key string. A green check mark defines aggressive mode as enabled. A red “X” denotes the mode as disabled.

Key: Displays the string ID a remote peer uses to look up pre-shared keys.
