Internet Key Exchange (IKE) IPsec Key Management for VPNs 6-5
• The Profile Name field accepts any name of up to 16 characters. Sixteen IKE Phase 1 profiles are supported, since each of the potential sixteen Connection Profiles may be associated with a separate IKE Phase 1 profile.
• The Mode pop-up menu allows you to choose between Main Mode (the default) and Aggressive Mode.
• In Main Mode the Router hides the Local and Remote Identity Type and Value fields, defaults to the host address, and always uses the IPv4 Address identity type with the local and remote tunnel endpoint addresses.
• In Aggressive Mode the Local and Remote Identity Type pop-up menus allow you to choose the type of Identity value to use: IPv4 Address, IPv4 Subnet, IPv4 Range, Host Name, E-Mail Address, Key ID (ASCII), and Key ID (HEX). The Local and Remote Identity Type and Value menus allow you to specify one of the following, based on what Local Identity Type you selected in the previous pop-up menu:
    IPv4 Address: A single IPv4 address in the familiar dotted-quad notation (a.b.c.d).
    IPv4 Subnet: A single IPv4 network address in dotted-quad notation (a.b.c.d) followed by a mask specified either by a slash and a bit-count between 0 and 32 or by a second dotted-quad.
    IPv4 Range: Two IPv4 addresses in dotted-quad notation (a.b.c.d) separated by a space.
    Host Name: A fully-qualified domain name (FQDN).
    E-Mail Address: An RFC 822 e-mail address in the form user@hostname.
    Key ID (ASCII): An opaque string consisting of printable ASCII characters represented as a sequence of printable ASCII characters.
    Key ID (HEX): An opaque string consisting of arbitrary 8-bit ASCII values represented as a sequence of hexadecimal digits, each of which corresponds to one nibble of the string value.
• The Authentication Method pop-up menu specifies the IKE Phase 1 authentication method. The only currently supported authentication method is Shared Secret. Other methods may be supported in future firmware releases.
• The Shared Secret field allows you to enter a shared secret phrase (between 1 and 48 characters long) that will be used to generate key material for IKE Phase 1.
• The Encryption Algorithm pop-up menu specifies the IKE Phase 1 encryption algorithm, and may be either DES (the default) or 3DES.
• The Hash Algorithm pop-up menu specifies the IKE Phase 1 hash algorithm, and may be either SHA1 (the default) or MD5.
• The Diffie-Hellman Group pop-up menu specifies the IKE Phase 1 Diffie-Hellman key exchange size, and may be either Group 1 (768 bits), Group 2 (1024 bits) (the default), or Group 5 (1536 bits).
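
Added example (not from the Firmware User Guide or the router firmware): a Python check that validates identity values against the formats listed under Aggressive Mode above before they are entered into a profile on both tunnel endpoints. The function name, the slash before a dotted-quad mask, the requirement that a range starts at or below its end, and the even digit count for Key ID (HEX) are assumptions of this example.

```python
import ipaddress
import re

# Added example, not firmware code. The hostname label rule is an assumption.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}\.?")
_EMAIL = re.compile(rf"[^\s@]+@{_LABEL}(?:\.{_LABEL})*")

def parse_identity(id_type, value):
    """Return a normalized identity value for a menu label, or raise ValueError."""
    if id_type == "IPv4 Address":
        return str(ipaddress.IPv4Address(value))
    if id_type == "IPv4 Subnet":
        # Accepts a.b.c.d/bits or a.b.c.d/w.x.y.z; host bits must be zero.
        if "/" not in value:
            raise ValueError("subnet needs /bits or /dotted-quad mask")
        return str(ipaddress.IPv4Network(value, strict=True))
    if id_type == "IPv4 Range":
        parts = value.split(" ")
        if len(parts) != 2:
            raise ValueError("range is two addresses separated by one space")
        lo, hi = (ipaddress.IPv4Address(p) for p in parts)
        if lo > hi:  # ordering check is this example's assumption
            raise ValueError("range start is above range end")
        return (str(lo), str(hi))
    if id_type == "Host Name":
        if len(value) > 253 or not _FQDN.fullmatch(value):
            raise ValueError("not a fully-qualified domain name")
        return value.lower()
    if id_type == "E-Mail Address":
        if not _EMAIL.fullmatch(value):
            raise ValueError("not in user@hostname form")
        return value
    if id_type == "Key ID (ASCII)":
        if not value or any(not 0x20 <= ord(c) <= 0x7E for c in value):
            raise ValueError("Key ID (ASCII) must be printable ASCII")
        return value.encode("ascii")
    if id_type == "Key ID (HEX)":
        # One hex digit is one nibble, so whole bytes need an even count.
        if not value or len(value) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", value):
            raise ValueError("Key ID (HEX) needs an even count of hex digits")
        return bytes.fromhex(value)
    raise ValueError(f"unknown identity type: {id_type}")

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for t, v in [("IPv4 Subnet", "10.1.0.0/255.255.0.0"), ("Key ID (HEX)", "0a1B")]:
        print(t, "->", parse_identity(t, v))
```
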