Efficient Networks® 5800 Series
User Reference Guide
Chapter 3: Additional Features
1. IPSec Policy Name: Enter a logical name for the IPSec policy.
The name you choose is of no consequence to the other IPSec party.
2. Peer Binding: Specify the remote IKE peer to which this policy shall
apply. This peer must be already defined with the IKE Peer Definition
screen.
3. IPSec Proposal Bindings: Specify an IKE IPSec proposal to be used
with this policy. The IKE IPSec proposal must be already defined with
the IKE IPSec Proposal Definition screen.
4. PFS Group: Select the Perfect Forward Secrecy negotiation and
Diffie-Hellman group to be used for each rekey. Perfect Forward
Secrecy enhances the security of the key exchange. In the event of a
key becoming compromised, only the data protected by that
compromised key becomes vulnerable. You can choose None, Group
1 or Group 2.
5. IP Protocol: Specify a protocol to be used with this policy. To
apply the policy to any protocol, select “all”.
6. Source IP Address: Enter the IP address of the local area network
that will use this policy. This will usually be the IP address assigned to
the network local to your router.
7. Source Subnet Mask: Enter the subnet mask of the local area
network that will use this policy. This will usually be the subnet mask
assigned to the network local to your router.
8. Destination IP Address: Enter the IP address of the remote private
network to which your router will connect using this policy.
9. Destination Subnet Mask: Enter the subnet mask of the remote
private network to which your router will connect using this policy.
10. Source Port: Enter the port that will be the source of TCP/UDP
traffic under this policy. You can specify All ports, a port number, or
an IP application associated with a particular port. Because port
numbers are TCP and UDP specific, a port filter is effective only when
the protocol filter is TCP or UDP (see Step 5: IP Protocol).
11. Destination Port: Enter the port that will be the destination of
TCP/UDP traffic under this policy. You can specify All ports, a port
number, or an IP application associated with a particular port.
12. Click on Save IKE Settings to establish your IKE IPSec policy and
return to the home screen.
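
The selector fields from steps 4 to 11, modeled as an added example (this is not Efficient Networks code or the router's own logic). It checks a policy before you enter it and shows which packets would fall under it. The field names, the sample addresses and the assumption that every selector must match together are illustrative.

```python
import ipaddress
from dataclasses import dataclass

PORT_PROTOCOLS = {"tcp", "udp"}               # step 10: ports only apply to these
PFS_CHOICES = {"None", "Group 1", "Group 2"}  # step 4

@dataclass
class Policy:                 # hypothetical field names, one per screen field
    name: str
    pfs_group: str
    protocol: str             # "all", "tcp", "udp", "icmp", ...
    src_ip: str
    src_mask: str
    dst_ip: str
    dst_mask: str
    src_port: str = "all"     # "all" or a port number as text
    dst_port: str = "all"

def net(ip, mask):
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_policy(p):
    """Return a list of problems found in the policy fields."""
    problems = []
    if p.pfs_group not in PFS_CHOICES:
        problems.append("PFS group must be None, Group 1 or Group 2")
    for label, ip, mask in (("source", p.src_ip, p.src_mask),
                            ("destination", p.dst_ip, p.dst_mask)):
        try:   # strict=True rejects host bits; broken masks fail either way
            ipaddress.ip_network(f"{ip}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{label} address/mask: {exc}")
    has_port_filter = (p.src_port, p.dst_port) != ("all", "all")
    if has_port_filter and p.protocol.lower() not in PORT_PROTOCOLS:
        problems.append("port filter has no effect unless protocol is TCP or UDP")
    return problems

def matches(p, proto, src, dst, sport=None, dport=None):
    """True if a packet falls inside all of the policy's selectors."""
    if p.protocol.lower() not in ("all", proto.lower()):
        return False
    if (ipaddress.ip_address(src) not in net(p.src_ip, p.src_mask)
            or ipaddress.ip_address(dst) not in net(p.dst_ip, p.dst_mask)):
        return False
    if p.protocol.lower() in PORT_PROTOCOLS:
        return (p.src_port in ("all", str(sport))
                and p.dst_port in ("all", str(dport)))
    return True

# Constructed sample policy: local LAN to remote private network, TCP port 80
SAMPLE = Policy("branch-vpn", "Group 2", "tcp", "192.168.1.0", "255.255.255.0",
                "10.0.0.0", "255.255.255.0", "all", "80")
```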