Siemens BUSINESS CLASS 5935 User Manual
Page 84
SIEMENS 5930/5935 Business Gateway
User’s Guide
Chapter 6 Security Setup
IKE/IPSec Configuration
SIEMENS
78
IKE IPSec Policies Definition
IPSec policies are criteria for packets that IPSec will recognize, and actions that IPSec will take upon
recognition. To define a new IKE IPSec policy:
1. Click Create next to IKE IPSec Policies from the Advanced IKE/IPSec Setup page. This displays the IKE
IPSec Policy Definition page.
2. In IPSec Policy Name, enter a logical name for the IPSec policy. The name specified is of no
consequence to the other IPSec party.
3. From the Peer Binding drop-down menu, select the remote IKE peer to which this policy will apply. This
peer must already be defined as an
IKE Peer
.
4. From the IPSec Proposal Bindings drop-down menu, select the IKE IPSec proposal to be used with this
policy. The IKE IPSec proposal must be already defined as an
IKE IPSec Proposal
.
5. From the PFS Group drop-down menu, select one of the following the Diffie-Hellman group to use for
Perfect Forward Secrecy. Perfect Forward Secrecy enhances the security of the key exchange. In the
event of a key becoming compromised, only the data protected by that compromised key becomes
vulnerable:
•
None
•
Group 1: Uses Diffie-Hellman Group 1 (768 bits).
•
Group 2: Uses Diffie-Hellman Group 2 (1024 bits).
6. From the IP Protocol drop-down menu, select the protocol of the IP traffic that uses this protocol.
7. In Source IP Address, enter the IP address of the local area network that will use this policy. This will
usually be the IP address assigned to the network local to your router.
8. In Source Subnet Mask, enter the subnet mask of the local area network that will use this policy. This will
usually be the subnet mask assigned to the network local to your router.