HP X Unified Security Platform Configuring IKE Proposals, Main Mode and Aggressive Mode

Chapter 7 VPN

Table 7–4: VPN: IKE Proposal Details (Continued)

Column	Description


Functions	Icons representing functions to manage IKE Proposals. The following
	functions are available:
	• Delete a proposal
	• Edit a proposal

Configuring IKE Proposals

IKE proposals provide the authentication and encryption methods that are used to configure the IPSec Security Associations for IPSec VPN tunnel. Configure an IKE proposal for each type of remote network device that requires a VPN connection.

Main Mode and Aggressive Mode

When you configure an IKE proposal, you have options to use main mode or aggressive mode. Main mode is the default and recommended configuration. You can use this mode if all the addresses of the remote sites to connect via VPN have fixed IP addresses. This is the recommended configuration. If the remote sites have dynamic addresses (not recommended), then you must use Aggressive mode for the IKE proposal. However, this mode is less secure.

You can configure an IKE Proposal from the Create/Edit IKE Proposal page (VPN > IKE Proposal, create or edit).

200 X Family LSM User’s Guide V 2.5.1