Internet Key Exchange (IKE) IPsec Key Management for VPNs 5-7
•Include Vendor-ID Payload toggles whether or not the Router includes the vendor-ID payload in its IKE Phase 1 messages.
•Independent Phase 2 Re-keystoggles whether or not a Phase 2 re-keys requires a Phase 1 re-key. If this item is set to Yes (the default), Phase 2 re-keys will be performed independently when necessary without requiring a Phase 1 re-key. If this item is set to No, each Phase 2 re-key will be preceded by a Phase 1 re-key. This item should normally be set to Yes unless the device is communicating with a non-compliant remote IPsec peer that requires that a Phase 1 re-key precede each Phase 2 re-key.
•Strict Port Policy toggles whether or not IKE requires packets to originate from the IANA IKE port (500). Set to Yes, the Router will listen only to port 500 and source its packets from port 500. Set to No, the Router will return traffic to whatever port originated it.
Changing an IKE Phase 1 Profile
Selecting Display/Change IKE Phase 1 Profile or Delete IKE Phase 1 Profile displays an IKE Phase 1 profile pop-up menu listing the names of all currently defined IKE Phase 1 profiles:
IPsec Configuration
+--IKE Phase1 Profile-- | + |
+---------------------- | + |
D IKE Profile 2 | 1 Profile... |
A Arthropods | . |
D Anthropoids | e... |
Anopheles | |
Albigensians | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
+---------------------- | + |
Up/Down Arrow Keys to select, ESC to dismiss, Return/Enter to Edit.
Selecting Display/Change IKE Phase 1 Profile and choosing an IKE phase 1 profile name from the pop-up list displays the Change IKE Phase 1 Profile screen. This screen is identical to the Add IKE Phase 1 Profile screen shown above.
