Virtual PrivateNetworks(VPN) IPsec
IX20 User Guide
491
i. For Port, typethe port matching criteria.
Allowed values are a port number, a range of port numbers, or any.
22. Click to expand IKE.
a. For IKE version, select either IKEv1 or IKEv2. This setting must match the peer's IKE
version.
b. Initiate connection instructs the device to initiate the key exchange, rather than waiting
for an incoming request. This must be disabled if Remote endpoint >Hostname isset to
any.
c. For Mode, select either Main mode or Aggressive mode.
d. For IKE fragmentation, select one of the following:
n
If supported by the peer: Send oversized IKEmessages in fragments, if the peer
supports receiving them.
n
Always: Alwayssend IKEv1messages in fragments. For IKEv2, this option is
equivalent to If supported by the peer.
n
Never: Do not send oversized IKE messages in fragments.
n
Accept: Do not send oversized IKE messages in fragments, but announce support
for fragmentation to the peer.
The default is Always.
e. For Enable padding, click to disable the padding of IKEpackets. This should normally not
be disabled except for compatibility purposes.
f. For Phase 1 lifetime, enter the amount of time that the IKEsecurity association expires
after a successful negotiation and must be re-authenticated.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Phase 1 lifetime to ten minutes, enter 10m or 600s.
g. For Phase 2lifetime, enter the amount of time that the IKEsecurity association expires
after a successful negotiation and must be rekeyed.
Allowed values are any number of weeks, days, hours, minutes, or seconds, and take the
format number{w|d|h|m|s}.
For example, to set Phase 2 lifetime to ten minutes, enter 10m or 600s.
To Next Page
Loading...