Create IPsec Template

Use this page to create an IPsec template and to specify how security associations (SAs) are created (manually or dynamically). To create an IPsec template, use the following steps:

1.Enter a unique name for the template.

2.Select an authentication type. See the item descriptions in the following table.

3.Click Next.

NOTE: The subsequent configuration pages depend on your authentication type selection (Internet Key Exchange or Manual Keys).

Table 5-7Create IPsec Template page

Item

Description

 

 

IPsec Template Name

Custom IPsec template name. This name is added to the Specify IPsec Template

 

page.

 

 

NOTE: The IPsec template name must be unique.

 

 

Authentication Type

Select the authentication type. Hosts specified in the Address template must negotiate

 

IPsec security settings during a session. During negotiation, authentication must occur

 

to validate sender/receiver identities.

 

Internet Key Exchange (default) Use Internet key exchange (IKE) protocols for

 

authentication and encryption and to create security associations.

 

Version Select the IKE version (IKEv1 or IKEv2).

 

Set IKE Defaults Select a default security profile for IKE operation. Several

 

 

predefined profiles are provided. To configure a custom security profile,

 

 

select the Specify Custom Profile option.

 

Preview IKE Defaults View the settings for a selected IKE default security

 

 

profile.

If you select IKE for authentication and a default security profile, click Next to display the Identity Authentication page.

Manual Keys Configure IPsec authentication/encryption protocols and keys manually. Click Next to display the IPsec Protocols page.

Identity Authentication

Use this page to choose an identity authentication method:

Pre-Shared KeyCertificatesKerberos

Identity Authentication page items are described in the following table.

114 Chapter 5 IPsec/Firewall configuration (V.45.xx.nn.xx)

ENWW