IKE Proposal

Table 7–5: IKE Proposal Phase 1 and Phase 2 Configuration Parameters (Continued)

Parameter

Description

 

 

 

 

Lifetime

Specify the length of time the security association remains valid before new

 

authentication and encryption keys must be exchanged (between 1 and 65535

 

seconds, default 28800). A lower value increases security, but may be

 

inconvenient, since the connection is temporary disabled.

 

 

Authentication

If selected, the device uses a shared password to authenticate access to the VPN

Type: Pre-

connection.

Shared Key

If you select this option and use the Aggressive Mode option, you need to specify

 

a Local ID Type and Peer ID Type.

 

 

Authentication

If X.509 Certificates is selected as the Authentication Type, select the Local

Type: X.509

Certificate to be used for authentication from the drop-down list. To specify a

Certificates

CA certificate to validate access to the VPN, check Only accept peer certificates

 

signed by. Then select the CA certificate from the drop-down list. If you do not

 

specify a certificate, the device will use any of the imported CA certificates

 

available on the device.

 

Note Import certificates from the X.509 Certificates page

 

(Authentication > X.509 Certificates) menu option to upload CA

 

Certificates and Local Certificates for use on the device.

 

 

X Family LSM User’s Guide V 2.5.1

203