5–Managing Switches
Configuring the Network
59266-01 B 5-47
Removing a Policy Configuration

To remove an existing policy configuration:
1. On the Switch menu, click Network, and then click IPsecIKE Properties to view the IKE Configuration dialog box (Figure 5-19).
2. On the IKE Policy Database side, click the policy in the list to remove.
3. Click Remove.
4. Click OK to save the changes and exit the IKE Configuration dialog box, or click Cancel to exit without saving any changes.

Editing a Policy Configuration

To edit an existing policy configuration:
1. On the Switch menu, click Network, and then click IPsecIKE Properties to view the IKE Configuration dialog box (Figure 5-19).
2. On the IKE Policy Database side, click the policy in the list to edit.

Table 5-10. Create Policy Dialog Box Fields

Field               Description
Remote Address      Available only when the tunnel option is selected in the Mode
                    drop-down. Must be an IPv4 or IPv6 address, with an optional
                    prefix length specifier of /n for switch to subnet policies.
Remote Port         Range between 1–65535
Protocol            Options: icmp, icmp6, ip4, tcp, udp, any
Peer                The IKE peer to which this IKE policy applies
Action              ipsec (only option)
Protection Desired  Available only when the transport option is selected in the
                    Mode drop-down; esp (only option)
Lifetime Child      Range between 900–86400
RekeyChild          Select or not
Encryption          Options: null, 3des_cbc, aes_cbc_128, aes_cbc_192, aes_cbc_256
Integrity           Options: md5_96, sha1_96, sha2_256, aes_xcbc_96
DHGroup             Options: 1, 2, 5, 14, 24
Restrict            If selected, IKE can create only child SAs with the selected
                    encryption/authentication algorithms. If not selected, child
                    SAs can be created for any algorithms the peers have in common.
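
An added example, not from the manual or the switch software: a Python check of one policy record against the value lists and ranges in Table 5-10, including the mode-dependent fields and the Restrict setting. The dictionary keys and the set of selections flagged as weak (null, 3des_cbc, md5_96, and DH groups 1, 2, and 5, which are MODP groups under 2048 bits) are this example's assumptions, and the sample policies are constructed.

```python
import ipaddress

# Allowed values as listed in Table 5-10.
OPTIONS = {
    "protocol": {"icmp", "icmp6", "ip4", "tcp", "udp", "any"},
    "encryption": {"null", "3des_cbc", "aes_cbc_128", "aes_cbc_192", "aes_cbc_256"},
    "integrity": {"md5_96", "sha1_96", "sha2_256", "aes_xcbc_96"},
    "dhgroup": {1, 2, 5, 14, 24},
}
RANGES = {"remote_port": (1, 65535), "lifetime_child": (900, 86400)}
# Assumption of this example, not the manual: selections treated as weak.
WEAK = {"encryption": {"null", "3des_cbc"}, "integrity": {"md5_96"}, "dhgroup": {1, 2, 5}}


def audit_policy(policy):
    """Check one policy dict (hypothetical key names); return (errors, warnings)."""
    errors, warnings = [], []
    for field, allowed in OPTIONS.items():
        value = policy.get(field)
        if value not in allowed:
            errors.append(f"{field}: {value!r} is not an option in Table 5-10")
        elif value in WEAK.get(field, ()):
            warnings.append(f"{field}: {value!r} is a weak selection")
    for field, (low, high) in RANGES.items():
        value = policy.get(field)
        if value is not None and not (isinstance(value, int) and low <= value <= high):
            errors.append(f"{field}: {value!r} is outside {low}-{high}")
    mode = policy.get("mode")
    if "remote_address" in policy:
        if mode != "tunnel":
            errors.append("remote_address: available only in tunnel mode")
        try:
            ipaddress.ip_network(policy["remote_address"], strict=False)  # IPv4/IPv6, optional /n
        except ValueError:
            errors.append("remote_address: not an IPv4/IPv6 address or prefix")
    if "protection_desired" in policy and mode != "transport":
        errors.append("protection_desired: available only in transport mode")
    if not policy.get("restrict", False):
        # Without Restrict, child SAs may use any algorithm the peers have in common.
        warnings.append("restrict: not selected, child SAs are not limited to the selections")
    return errors, warnings


# Constructed sample policies.
WEAK_POLICY = {"mode": "tunnel", "remote_address": "10.0.0.0/24", "remote_port": 3260,
               "protocol": "tcp", "lifetime_child": 3600, "encryption": "3des_cbc",
               "integrity": "md5_96", "dhgroup": 2, "restrict": False}
STRONG_POLICY = dict(WEAK_POLICY, encryption="aes_cbc_256", integrity="sha2_256",
                     dhgroup=14, restrict=True)
```

Calling audit_policy(WEAK_POLICY) returns no errors and four warnings; audit_policy(STRONG_POLICY) returns two empty lists.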