5-10 Firmware User Guide
IPsec Tunnel Options
Key Management... | IKE |
IKE Phase 1 Profile... | |
Encapsulation... | ESP |
ESP Encryption Transform... | DES |
ESP Authentication Transform... | HMAC-MD5-96 |
Advanced IPsec Options...
COMMITCANCEL
The Key Management pop-up menu at the top of the IPsec Tunnel Options screen allows you to choose between IKE key management (the default for a new IPsec profile) and Manual key management.
If you select Manual, the IKE Phase 1 Profile option does not display, and you must enter your IPsec Manual Keys under the IPsec Manual Keys screen. See “IPsec Manual Key Entry” on page 19.
•The IKE Phase 1 Profile pop-up menu allows you to associate an IKE Phase 1 Profile with the IPsec tunnel. An IKE Phase 1 Profile specifies the set of parameters that will be used for the IKE Phase 1 exchange. IKE Phase 1 Profiles may be shared by multiple IPsec tunnels. The pop-up menu item displays the name of the currently associated IKE Phase 1 Profile, if any, or is blank if no IKE Phase 1 profile is associated with the tunnel.
The pop-up menu lists the names of all currently defined IKE Phase 1 Profiles. The pop-up menu also includes an <<ADD PH1 PROFILE>> item to allow you to define a new IKE Phase 1 Profile directly without first going to the IPsec Configuration screen, and a <<NONE>> item to allow you to dissociate an existing IKE Phase 1 Profile from the IPsec tunnel.
The remainder of the screen allows you to configure the IKE Phase 2 parameters that control the contents of the single IKE Phase 2 proposal sent by the Router. These same items specify the values that must be offered by one of the remote peer’s proposals.
•The Encapsulation pop-up menu allows you to select what IPsec encapsulations will be used: ESP only (the default), AH only, or AH+ESP (both AH and ESP).
•An AH Authentication Transform pop-up menu (which is visible only if you have selected AH or AH+ESP encapsulation) allows you to specify the type of AH authentication: HMAC-MD5-96 or HMAC-SHA1–96.
•The ESP Encryption Transform pop-up menu (which is visible only if you have selected ESP or AH+ESP encapsulation) allows you to specify the type of ESP encryption: DES, 3DES, or NULL (no encryption).
