Switch Security 6-37

NOTE: By default, the IKE feature is enabled on the switch. Motorola does not support disabling the IKE server.

6.7.1 Defining the IKE Configuration

Refer to the Configuration tab to enable (or disable) IKE and define the IKE identity (for exchanging identities) and aggressive mode. Aggressive mode enables you to configure Internet Key Exchange (IKE) pre-shared keys as IPSec tunnel attributes for IP Security (IPSec) peers.

Use IKE to specify IPSec tunnel attributes for an IPSec peer and initiate an IKE aggressive mode negotiation with the tunnel attributes. This feature is best implemented in a crypto hub scenario. Users initiate IKE aggressive mode negotiation with the switch using pre-shared keys specified as tunnel attributes and stored on the RADIUS server. This scenario is scalable since the keys are kept at a central repository (the RADIUS server) and more than one switch and application can use the information.

To view the current set of IKE configurations:

1. Select Security > IKE Settings from the main menu tree.

2. Click the Configurations tab.

During IKE negotiations, peers must identify themselves to one another. Thus, the configuration you define is the identification medium for device recognition.

3. Set a Keep Alive interval (in seconds) the switch uses for monitoring the continued presence of a peer and for reporting the client's continued presence to the peer. The client notifies you when the peer is no longer present.

4. Click the Apply button (within the IKE Settings field) to save the configuration.

5. Click the Revert button (within the IKE Settings field) to roll back to the previous configuration.

Motorola WS5100 manual Defining the IKE Configuration, Click the Configurations tab