SIEMENS se5880 Ethernet Security Router

Chapter 6 Security Setup

User’s Guide

IKE/IPSec Configuration

 

 

IKE IPSec Policies Definition

IPSec policies are criteria for packets that IPSec will recognize, and actions that IPSec will take upon recognition. To define a new IKE IPSec policy:

1.Click Create next to IKE IPSec Policies from the Advanced IKE/IPSec Setup page. This displays the IKE IPSec Policy Definition page.

2.In IPSec Policy Name, enter a logical name for the IPSec policy. The name specified is of no consequence to the other IPSec party.

3.From the Peer Binding drop-down menu, select the remote IKE peer to which this policy will apply. This peer must already be defined as an IKE Peer.

4.From the IPSec Proposal Bindings drop-down menu, select the IKE IPSec proposal to be used with this policy. The IKE IPSec proposal must be already defined as an IKE IPSec Proposal.

5.From the PFS Group drop-down menu, select one of the following the Diffie-Hellman group to use for Perfect Forward Secrecy. Perfect Forward Secrecy enhances the security of the key exchange. In the event of a key becoming compromised, only the data protected by that compromised key becomes vulnerable:

None

Group 1: Uses Diffie-Hellman Group 1 (768 bits).

Group 2: Uses Diffie-Hellman Group 2 (1024 bits).

6.From the IP Protocol drop-down menu, select the protocol of the IP traffic that uses this protocol.

7.In Source IP Address, enter the IP address of the local area network that will use this policy. This will usually be the IP address assigned to the network local to your router.

8.In Source Subnet Mask, enter the subnet mask of the local area network that will use this policy. This will usually be the subnet mask assigned to the network local to your router.

SIEMENS

70

Page 76
Image 76
Siemens se5880 manual IKE IPSec Policies Definition