Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


FIGURE 62 Profile Security - VPN IKE Policy screen

Select either the IKEv1 or IKEv2 radio button to enforce VPN peer key exchanges using either IKEv1
or IKEv2.

IKEv2 provides improvements over the original IKEv1 design (improved cryptographic
mechanisms, NAT and firewall traversal, attack resistance, etc.) and is recommended in most
deployments. The appearance of the IKE Policy screens differs depending on whether IKEv1
or IKEv2 mode is selected.

Refer to the following to determine whether an IKE Policy requires creation, modification or
removal:

Name
Displays the name assigned to the IKE policy (32 characters maximum).

DPD Keep Alive
Lists each policy’s IKE keep alive message interval defined for IKE VPN tunnel dead
peer detection.

IKE LifeTime
Displays each policy’s lifetime for an IKE SA. The lifetime defines how long a
connection (encryption/authentication keys) should last, from successful key
negotiation to expiration. Two peers need not exactly agree on the lifetime, though if
they do not, the peer defining the longer lifetime is left with some clutter from the
superseded connection.

DPD Retries
Lists each policy’s maximum number of keep alive messages sent before a
VPN tunnel connection is defined as dead by the peer. This screen only appears when
IKEv1 is selected.

Select Add to define a new IKE Policy configuration, Edit to modify an existing configuration or
Delete to remove an existing configuration.
