Netopia 3300 User Manual

Page 179

Internet Key Exchange (IKE) IPsec Key Management for VPNs 6-13

The Key Management pop-up menu at the top of the IPsec Tunnel Options screen allows you to choose
between IKE key management (the default for a new IPsec profile) and Manual key management.

If you select Manual, the IKE Phase 1 Profile option does not display, and you must enter your IPsec Manual
Keys under the IPsec Manual Keys screen. See “IPsec Manual Key Entry” on page 22.

The IKE Phase 1 Profile pop-up menu allows you to associate an IKE Phase 1 Profile with the IPsec tunnel.
An IKE Phase 1 Profile specifies the set of parameters that will be used for the IKE Phase 1 exchange. IKE
Phase 1 Profiles may be shared by multiple IPsec tunnels. The pop-up menu item displays the name of the
currently associated IKE Phase 1 Profile, if any, or is blank if no IKE Phase 1 profile is associated with the
tunnel.

The pop-up menu lists the names of all currently defined IKE Phase 1 Profiles. The pop-up menu also
includes an <<ADD PH1 PROFILE>> item to allow you to define a new IKE Phase 1 Profile directly without
first going to the IPsec Configuration screen, and a <<NONE>> item to allow you to dissociate an existing
IKE Phase 1 Profile from the IPsec tunnel.

The remainder of the screen allows you to configure the IKE Phase 2 parameters that control the contents of
the single IKE Phase 2 proposal sent by the Router. These same items specify the values that must be offered
by one of the remote peer’s proposals.

The Encapsulation pop-up menu allows you to select what IPsec encapsulations will be used: ESP only (the
default), AH only, or AH+ESP (both AH and ESP).

An AH Authentication Transform pop-up menu (which is visible only if you have selected AH or AH+ESP
encapsulation) allows you to specify the type of AH authentication: HMAC-MD5-96 or HMAC-SHA1-96.

The ESP Encryption Transform pop-up menu (which is visible only if you have selected ESP or AH+ESP
encapsulation) allows you to specify the type of ESP encryption: DES, 3DES, or NULL (no encryption).

IPsec Tunnel Options

Key Management... IKE
IKE Phase 1 Profile...

Encapsulation... ESP

ESP Encryption Transform... DES
ESP Authentication Transform... HMAC-MD5-96

Advanced IPsec Options...

COMMIT CANCEL
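
An added example, not part of the Netopia manual or firmware: a Python model of the Phase 2 items on this screen that checks the visibility rules described above, tests whether one of a peer's proposals offers the same values as the router's single proposal, and flags choices that leave tunnel traffic unencrypted or weakly encrypted. The class and function names are hypothetical, the peer proposals are constructed sample data, and exact equality of all four items is assumed as the matching rule.

```python
from dataclasses import dataclass
from typing import List, Optional

# Choices listed on this manual page. The ESP authentication choices are not
# listed here, so that field is treated as an opaque string.
AH_AUTH = {"HMAC-MD5-96", "HMAC-SHA1-96"}
ESP_ENC = {"DES", "3DES", "NULL"}

@dataclass(frozen=True)
class Phase2Proposal:  # hypothetical model, not a Netopia structure
    encapsulation: str = "ESP"        # "ESP" (default), "AH" or "AH+ESP"
    ah_auth: Optional[str] = None
    esp_enc: Optional[str] = None
    esp_auth: Optional[str] = None

def validate(p: Phase2Proposal) -> List[str]:
    """Check the proposal against the screen's visibility rules."""
    if p.encapsulation not in ("ESP", "AH", "AH+ESP"):
        return [f"unknown encapsulation {p.encapsulation!r}"]
    parts, errs = set(p.encapsulation.split("+")), []
    if "AH" in parts and p.ah_auth not in AH_AUTH:
        errs.append("AH selected: AH authentication transform required")
    if "AH" not in parts and p.ah_auth is not None:
        errs.append("AH transform set but AH is not selected")
    if "ESP" in parts and p.esp_enc not in ESP_ENC:
        errs.append("ESP selected: ESP encryption transform required")
    if "ESP" not in parts and (p.esp_enc or p.esp_auth):
        errs.append("ESP transform set but ESP is not selected")
    return errs

def peer_offers_match(local: Phase2Proposal, peer: List[Phase2Proposal]) -> bool:
    """The router sends one proposal; one of the peer's must offer the same values.
    Exact equality of all four items is this example's assumption."""
    return any(local == offer for offer in peer)

def confidentiality_findings(p: Phase2Proposal) -> List[str]:
    """Flag choices that leave tunnel payloads unencrypted or weakly encrypted."""
    if p.encapsulation == "AH":
        return ["AH only: packets are authenticated but not encrypted"]
    if p.esp_enc == "NULL":
        return ["ESP NULL: no encryption is applied"]
    if p.esp_enc == "DES":
        return ["DES: 56-bit key; choose 3DES, the strongest option on this screen"]
    return []

# Constructed sample data: the values shown in the screen above, and a made-up peer.
LOCAL = Phase2Proposal("ESP", None, "DES", "HMAC-MD5-96")
PEER = [Phase2Proposal("ESP", None, "3DES", "HMAC-SHA1-96"),
        Phase2Proposal("ESP", None, "DES", "HMAC-MD5-96")]
```

With the sample data, `peer_offers_match(LOCAL, PEER)` succeeds only because the peer's second proposal repeats the router's DES and HMAC-MD5-96 values; a peer that offers 3DES alone would not match until the router's ESP Encryption Transform is changed to 3DES.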