Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

378

Brocade Mobility RFS7000-GR Controller System Reference Guide

53-1001944-01

Configuring IKE settings

6

NOTE

192-bit AES and 256-bit AES are not supported for manual IPSec sa configurations.

4. Highlight an existing policy and click the Edit button to revise the policy’s existing sequence

number, encryption scheme, hash value, authentication scheme, SA lifetime and DH group.

5. Select an existing policy and click the Delete button to remove it from the table.

Authentication Type

Displays the authentication scheme used to validate the identity of each peer.
Pre-shared keys do not scale accurately with a growing network but are easier to
maintain in a small network. Options include:

•

Pre-shared Key - Uses pre-shared keys.

•

RSA Signature - Uses a digital certificate with keys generated by the RSA
signatures algorithm.

SA Lifetime (sec.)

Displays an integer for the SA lifetime in seconds. With longer lifetimes, security
defines future IPSec security associations quickly. Encryption strength is great
enough to ensure security without using fast rekey times. Brocade recommends
using the default value.

DH Group

Displays the Diffie-Hellman (DH) group identifier. IPSec peers use the defined
value to derive a shared secret without transmitting it to one another.