Skip to end of metadata
Go to start of metadata

To establish IPSec settings, use tools located in the General-IPSec directory.

View Tables

Select the IPSec subdirectory for the VX node and view contents at the IPSec screen.

Modify Settings

Double-click on an entry in the IPSec Settings screen to present the Edit IKE Key Exchange Settings dialog box.


Edit IKE Settings Dialog

Field

Description

PFS

Select a PFS setting from the dropdown list. Options include, Disabled, DH Group 1 and DH Group 2.When PFS is configured, a new ISAKMP SA is created for each IPSec SA negotiation and a Diffie-Hellman exchange is performed for each IPSec SA negotiation.
DH Group refers to the size of the key that will be used in the DH exchange. DH Group 2 is more secure than DH Group 1.

Master Key Settings
Generate a new key every: seconds

Sets the master key lifetime which specifies when the IKE SA will expire. This value can be specified in seconds.

Session Key Settings
Generate a new key every: seconds

Sets the session key lifetime which specifies when the IPSec SA will expire. This value can be specified in seconds.

  • No labels