![Digi IX20 User Manual Download Page 273](http://html.mh-extra.com/html/digi/ix20/ix20_user-manual_2496666273.webp)
Virtual Private Networks (VPN)
IPsec
IX20 User Guide
273
20. Click to expand
IKE
.
a. For
IKE version
, select either IKEv1 or IKEv2. This setting must match the peer's IKE
version.
b.
Initiate connection
instructs the device to initiate the key exchange, rather than waiting
for an incoming request. This must be disabled if
Remote endpoint
>
is set to
any
.
c. For
Mode
, select either
Main mode
or
Aggressive mode
.
d. For
Enable padding
, click to disable the padding of IKE packets. This should normally not
be disabled except for compatibility purposes.
e. For Phase 1 lifetime, enter the amount of time that the IKE security association expires
after a successful negotiation and must be re-authenticated.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format
number
{
w|d|h|m|s
}.
For example, to set
Phase 1 lifetime
to ten minutes, enter
10m
or
600s
.
f. For Phase 2 lifetime, enter the amount of time that the IKE security association expires
after a successful negotiation and must be rekeyed.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format
number
{
w|d|h|m|s
}.
For example, to set
Phase 2 lifetime
to ten minutes, enter
10m
or
600s
.
g. For Lifetime margin, enter a randomizing amount of time before the IPsec tunnel is
renegotiated.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format
number
{
w|d|h|m|s
}.
For example, to set
Lifetime margin
to ten minutes, enter
10m
or
600s
.
h. Click to expand
Phase 1 Proposals
.
i. Click
to create a new phase 1 proposal.
ii. For
Cipher
, select the type of encryption.
iii. For
Hash
, select the type of hash to use to verify communication integrity.
iv. For
Diffie-Hellman group
, select the type of Diffie-Hellman group to use for key
exchange.
v. You can add additional Phase 1 proposals by clicking
next to
Add Phase 1 Proposal
.