6-38 WS5100 Series Switch System Reference Guide

6. Refer to the Pre-shared Keys field to review the following information:

Peer IP Address

Use the Peer IP Address to associate an IP address with the specific tunnel used by a group of peers.

Aggressive Mode

Displays whether aggressive mode is enabled for this IP address and key string. A green check mark indicates aggressive mode is enabled. A red “X” denotes the mode as disabled.

Key

Displays the string ID a remote peer uses to look up pre-shared keys.

7. Highlight an existing set of pre-shared keys and click the Edit button to revise the existing peer IP address, key and aggressive mode designation.

8. Select an existing entry and click the Delete button to remove it from the table.

9. If the properties of an existing peer IP address, key and aggressive mode designation are no longer relevant and cannot be edited to be useful, click the Add button to create a new pre-shared key.

a. Select the Peer IP Address checkbox to associate an IP address with the specific tunnel used by a group of peers, select the Distinguished Name checkbox to configure the switch to restrict access to those peers with the same distinguished name, or select the Hostname checkbox to allow shared-key messages between corresponding hostnames.

b. Define the Key (string ID) a remote peer uses to look up the pre-shared key to interact securely with peers within the tunnel.

c. Select the Aggressive Mode checkbox if required. Aggressive mode enables you to configure Internet Key Exchange (IKE) pre-shared keys as RADIUS tunnel attributes for IP Security (IPSec) peers.

d. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.

e. Click OK to apply the changes to the running configuration and close the dialog.

f. Click Cancel to close the dialog without committing updates to the running configuration.

6.7.2 Setting IKE Policies

Each IKE negotiation is divided into two phases. Phase 1 creates the first tunnel (protecting later IKE negotiation messages) and phase 2 creates the tunnel protecting the data. To define the terms of the IKE negotiation, create one or more IKE policies, including the following:
