5 - 130 WiNG 5.6 Access Point System Reference Guide
8. Select + Add Row to define the network address of a target peer and its security settings.
9. Select OK to save the changes made within the IKE Policy screen. Select Reset to revert to the last saved configuration.
Select the Delete Row icon to remove a peer configuration.
10. Select the Peer Configuration tab to assign additional network address and IKE settings to the an intended VPN tunnel
peer destination.
Figure 5-82 Profile Security - VPN Peer Destination screen (IKEv1 example)
11. Select either the IKEv1 or IKEv2 radio button to enforce VPN key exchanges using either IKEv1 or IKEv2.
Mode If using IKEv1, use the drop-down menu to define the IKE mode as either Main or Aggressive.
IPSEC has two modes in IKEv1 for key exchanges. Aggressive mode requires 3 messages be
exchanged between the IPSEC peers to setup the SA, Main requires 6 messages. The default
setting is Main.
DPD Retries Use the spinner control to set the maximum number of keep alive messages sent before a VPN
tunnel connection is defined as dead. The available range is from 1 - 100. The default setting
is 5.
IKE LifeTime Set the lifetime defining how long a connection (encryption/authentication keys) should last
from successful key negotiation to expiration. Set this value in either Seconds (600 - 86,400),
Minutes (10 - 1,440), Hours (1 - 24) or Days (1). This setting is required for both IKEv1 and
IKEV2.
Name If creating a new IKE policy, assign the target peer (tunnel destination) a 32 character
maximum name to distinguish it from others with a similar configuration.
DH Group Use the drop-down menu to define a Diffie-Hellman (DH) identifier used by the VPN peers to
derive a shared secret password without having to transmit. DH groups determine the
strength of the key used in key exchanges. The higher the group number, the stronger and
more secure the key. Options include 2, 5 and 14. The default setting is 5.
Encryption Select an encryption method used by the tunnelled peers to securely interoperate. Options
include 3DES, AES, AES-192 and AES-256. The default setting is AES-256.
Authentication Select an authentication hash algorithm used by the peers to exchange credential information.
Options include SHA and MD5. The default setting is SHA.
To Next Page
Loading...
