Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


Select + Add Row to define the network address of a target peer and its security settings.

Name

If creating a new IKE policy, assign it a name of up to 32 characters to help
differentiate this IKE configuration from others with similar parameters.

DPD Keep Alive

Configure the IKE keep alive message interval used for dead peer detection on the
remote end of the IPSec VPN tunnel. Set this value in either Seconds (10 - 3,600),
Minutes (1 - 60) or Hours (1). The default setting is 30 seconds. This setting is
required for both IKEv1 and IKEv2.

Mode

If using IKEv1, use the drop-down menu to define the IKE mode as either Main or
Aggressive. IPSec has two modes in IKEv1 for key exchanges. Aggressive mode
requires 3 messages to be exchanged between the IPSec peers to set up the SA; Main
requires 6 messages. The default setting is Main.

DPD Retries

Use the spinner control to set the maximum number of keep alive messages sent
before a VPN tunnel connection is defined as dead. The available range is from 1 -
100. The default setting is 5.

IKE LifeTime

Set the lifetime defining how long a connection (encryption/authentication keys)
should last from successful key negotiation to expiration. Set this value in either
Seconds (600 - 86,400), Minutes (10 - 1,440), Hours (1 - 24) or Days (1). This
setting is required for both IKEv1 and IKEv2.

Name

If creating a new IKE policy, assign the target peer (tunnel destination) a name of
up to 32 characters to distinguish it from others with a similar configuration.

DH Group

Use the drop-down menu to define the Diffie-Hellman (DH) identifier used by the VPN
peers to derive a shared secret without having to transmit it. DH groups
determine the strength of the key used in key exchanges. The higher the group
number, the stronger and more secure the key. Options include 2, 5 and 14. The
default setting is 5.

Encryption

Select an encryption method used by the tunnelled peers to securely interoperate.
Options include 3DES, AES, AES-192 and AES-256. The default setting is AES-256.
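
The ranges and options in this table can be checked before a policy is entered on the controller. The Python script below is an added example, not part of the Brocade guide or its software: the dictionary layout, the key names and the dead-peer estimate (keep-alive interval multiplied by retries) are assumptions, while the limits and option lists are the ones stated above.

```python
# Added example, not Brocade code. The dict layout and key names are assumptions;
# the limits and option lists are the ones stated in the table above.
UNIT = {"Seconds": 1, "Minutes": 60, "Hours": 3600, "Days": 86400}
DPD_KEEPALIVE = {"Seconds": (10, 3600), "Minutes": (1, 60), "Hours": (1, 1)}
IKE_LIFETIME = {"Seconds": (600, 86400), "Minutes": (10, 1440), "Hours": (1, 24), "Days": (1, 1)}
DH_GROUPS = (2, 5, 14)
ENCRYPTION = ("3DES", "AES", "AES-192", "AES-256")

def to_seconds(label, setting, limits, errors):
    """Check a (value, unit) pair against the table; return seconds or None."""
    value, unit = setting
    if unit not in limits:
        errors.append(f"{label}: unit {unit} is not offered")
        return None
    low, high = limits[unit]
    if not low <= value <= high:
        errors.append(f"{label}: {value} {unit} is outside {low}-{high}")
        return None
    return value * UNIT[unit]

def audit_ike_policy(p):
    """Return (errors, warnings, seconds until a silent peer is declared dead)."""
    errors, warnings = [], []
    if len(p["name"]) > 32:
        errors.append("name: longer than 32 characters")
    keepalive = to_seconds("dpd_keepalive", p["dpd_keepalive"], DPD_KEEPALIVE, errors)
    to_seconds("ike_lifetime", p["ike_lifetime"], IKE_LIFETIME, errors)
    if not 1 <= p["dpd_retries"] <= 100:
        errors.append("dpd_retries: outside 1-100")
    if p["dh_group"] not in DH_GROUPS:
        errors.append("dh_group: not one of 2, 5, 14")
    elif p["dh_group"] < max(DH_GROUPS):
        warnings.append(f"dh_group {p['dh_group']}: 14 is the strongest group offered")
    if p["encryption"] not in ENCRYPTION:
        errors.append("encryption: not an offered method")
    elif p["encryption"] == "3DES":
        warnings.append("encryption 3DES: prefer one of the AES options")
    if p["mode"] not in ("Main", "Aggressive"):
        errors.append("mode: must be Main or Aggressive")
    elif p["mode"] == "Aggressive":  # general IKEv1 property, not stated in the table
        warnings.append("mode Aggressive: identities lack the protection Main mode gives")
    # Assumption: the peer is declared dead after dpd_retries unanswered keep-alives.
    dead_after = None if errors else keepalive * p["dpd_retries"]
    return errors, warnings, dead_after

# Constructed sample: the table's defaults; the name and 8-hour lifetime are made up.
DEFAULTS = {"name": "branch-ike", "dpd_keepalive": (30, "Seconds"), "dpd_retries": 5,
            "mode": "Main", "ike_lifetime": (8, "Hours"), "dh_group": 5,
            "encryption": "AES-256"}
print(audit_ike_policy(DEFAULTS))
```

With the default values the audit reports no errors but does warn that the default DH group is not the strongest one offered.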
