Chapter 17 IP Security
IPSec Profiles
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12

Time Based IPSec SA Lifetime

Click Time Based IPSec SA Lifetime if you want a new SA to be established
after a set period of time has elapsed. Enter the time period in the HH:MM:SS
fields to the right.

Traffic Volume Based IPSec SA Lifetime

Click Traffic Volume Based IPSec SA Lifetime if you want a new SA to be
established after a specified amount of traffic has passed through the IPSec tunnel.
Enter the number of kilobytes that should pass through the tunnel before an
existing SA is taken down and a new one is established.

IPSec SA Idle Time

Click IPSec SA Idle Time if you want a new SA to be established after the peer
has been idle for a specified amount of time. Enter the idle time period in the
HH:MM:SS fields to the right.

Perfect Forwarding Secrecy

Click Perfect Forwarding Secrecy if IPSec should ask for perfect forward
secrecy (PFS) when requesting new security associations for this virtual template
interface, or should require PFS in requests received from the peer. You can
specify the following values:
• group1—The 768-bit Diffie-Hellman prime modulus group is used to encrypt the PFS request.
• group2—The 1024-bit Diffie-Hellman prime modulus group is used to encrypt the PFS request.
• group5—The 1536-bit Diffie-Hellman prime modulus group is used to encrypt the PFS request.
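
To check these four settings on a router after they have been applied, the following added example (not part of the Cisco guide) parses IPSec profile blocks from a saved configuration and reports profiles that request no PFS, use a group below a chosen modulus size, or set no time or volume lifetime. It assumes the settings appear as the IOS sub-commands shown in SETTINGS; the profile names, the transform set name and the min_bits threshold are constructed for illustration.

```python
import re

PFS_BITS = {"group1": 768, "group2": 1024, "group5": 1536}  # sizes listed above
SETTINGS = {  # assumed IOS sub-commands under "crypto ipsec profile"
    r"set security-association lifetime seconds (\d+)": "lifetime_s",
    r"set security-association lifetime kilobytes (\d+)": "volume_kb",
    r"set security-association idle-time (\d+)": "idle_s",
    r"set pfs (group\d+)": "pfs",
}
# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
crypto ipsec profile VTI-A
 set security-association lifetime seconds 3600
 set security-association lifetime kilobytes 4608000
 set security-association idle-time 600
 set pfs group5
crypto ipsec profile VTI-B
 set security-association lifetime seconds 86400
 set pfs group1
crypto ipsec profile VTI-C
 set transform-set TS1
"""

def parse_profiles(config):
    """Return {profile name: {setting: value}} for every IPSec profile block."""
    profiles, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto ipsec profile (\S+)", line)
        if head:
            current = profiles.setdefault(head.group(1), {})
        elif not line.startswith(" "):
            current = None  # a non-indented line ends the profile block
        elif current is not None:
            for pattern, name in SETTINGS.items():
                m = re.fullmatch(pattern, line.strip())
                if m:
                    current[name] = m.group(1) if name == "pfs" else int(m.group(1))
    return profiles

def audit(config, min_bits=1536):
    """Return (profile, issue) pairs; min_bits is the caller's policy choice."""
    findings = []
    for name, p in parse_profiles(config).items():
        if "pfs" not in p:
            findings.append((name, "PFS not requested"))
        elif PFS_BITS.get(p["pfs"], 0) < min_bits:
            findings.append((name, f"{p['pfs']} below {min_bits} bits or not listed"))
        if "lifetime_s" not in p and "volume_kb" not in p:
            findings.append((name, "no time or volume SA lifetime set"))
    return findings
```

The lifetime and idle values are in seconds, so 3600 corresponds to 01:00:00 in the HH:MM:SS fields.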
Add or Edit IPSec Profile and Add Dynamic Crypto Map
Use this window to add or to edit an IPSec profile, or to add a dynamic crypto
map.