8
IKE Policy Configuration (continued)
1.
Enter an alphanumeric string (spaces are not valid characters) used to identify this policy.
2.
Select BOTH DIRECTIONS to allow IKE to be initiated by either the local or remote NetVanta.
3.
Select MAINMODE as the Exchange Type.
If both sides do not have permanent IP addresses, see the Aggressive Mode tech note on
www.adtran.com.
4.
Use the unique Fully Qualified Domain Name (FQDN) for the local NetVanta 2000 and enter the identifi-
cation data (these need not be registered names).
5.
Use the unique FQDN for the remote users and enter the identification data (these need not be registered
names).
6.
Enter the local NetVanta 2000's assigned WAN IP address.
7.
Enter the remote NetVanta 2000's assigned WAN IP address.
8.
Select 3DES to invoke Triple DES encryption.
9.
Select SHA to use the secure hash authentication algorithm #1.
10.
Select Pre-SharedKey and enter the key as a 12-character (minimum) alphanumeric string (spaces are
not valid characters). This key MUST be the same for both the local and remote units.
11.
Set the Life time of key to 86400 seconds (this is the ADTRAN suggested value).
When determining the appropriate value for your application, typical usage contains a 3:1 ratio
between the IKE and IPSec key lifetime values. This ratio provides for key negotiation overhead.
12.
Select Group 2 to invoke Diffie-Hellman Group 2.
13.
Click SUBMIT to register the changes.
1
2
4
7
8
12
13
11
10
6
9
5
3
