ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual

Managing IKE Policies

The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN gateways, and provides automatic management of the keys that are used for IPsec connections. It is important to remember that:

An automatically generated VPN policy (“Auto Policy”) must use the IKE negotiation protocol.

A manually generated VPN policies (“Manual Policy”) cannot use the IKE negotiation protocol.

IKE policies are activated when the following situations occur:

1.The VPN policy selector determines that some traffic matches an existing VPN policy:

If the VPN policy is of an “Auto Policy” type, the IKE policy that is specified in the Auto Policy Parameters section of the Add VPN Policy screen (see Figure 7-23 on page 7-33) is used to start negotiations with the remote VPN gateway.

If the VPN policy is of a “Manual Policy” type, the settings that are specified in the Manual Policy Parameters section of the Add VPN Policy screen (see Figure 7-23 on page 7-33) are accessed, and the first matching IKE policy is used to start negotiations with the remote VPN gateway:

If negotiations fail, the next matching IKE policy is used.

If none of the matching IKE policies are acceptable to the remote VPN gateway, then a VPN tunnel cannot be established.

2.An IKE session is established, using the Security Association (SA) settings that are specified in a matching IKE Policy:

Keys and other settings are exchanged.

An IPsec SA is established, using the settings that are specified in the VPN policy.

The VPN tunnel is then available for data transfer.

When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and populated in the List of IKE Policies, and is given the same name as the new VPN connection name. You can also edit exiting policies or add new IKE policies from the IKE Policies screen.

The IKE Policies Screen

To access the IKE Policies screen:

Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs appear with the IKE Policies screen in view (Figure 7-20 on page 7-23shows some examples).

7-22

Virtual Private Networking Using IPsec Connections

v1.0, September 2009

Page 232
Image 232
NETGEAR UTM10EW-100NAS, UTM25-100NAS, UTM25EW-100NAS manual Managing IKE Policies, IKE Policies Screen