Setting IKE Policies – Motorola Series Switch WS5100 User Manual
6-38 WS5100 Series Switch System Reference Guide
6. Refer to the Pre-shared Keys field to review the following information:
7. Highlight an existing set of pre-shared keys and click the Edit button to revise the existing peer IP address, key and aggressive mode designation.
8. Select an existing entry and click the Delete button to remove it from the table.
9. If the properties of an existing peer IP address, key and aggressive mode designation are no longer relevant and cannot be edited to be useful, click the Add button to create a new pre-shared key.
a. Select the Peer IP Address checkbox to associate an IP address with the specific tunnel used by a group of peers, or select the Distinguished Name checkbox to configure the switch to restrict access to those peers with the same distinguished name, or select the Hostname checkbox to allow shared-key messages between corresponding hostnames.
b. Define the Key (string ID) a remote peer uses to look up the pre-shared key to interact securely with peers within the tunnel.
c. Select the Aggressive Mode checkbox if required. Aggressive mode enables you to configure Internet Key Exchange (IKE) pre-shared keys as RADIUS tunnel attributes for IP Security (IPSec) peers.
d. Refer to the Status field for the current state of the requests made from the applet. This field displays error messages if something goes wrong in the transaction between the applet and the switch.
e. Click OK to apply the changes to the running configuration and close the dialog.
f. Click Cancel to close the dialog without committing updates to the running configuration.
6.7.2 Setting IKE Policies
Each IKE negotiation is divided into two phases. Phase 1 creates the first tunnel (protecting later IKE
negotiation messages) and phase 2 creates the tunnel protecting the data. To define the terms of the IKE
negotiation, create one or more IKE policies, including the following:
Peer IP Address
    Use the Peer IP Address to associate an IP address with the specific tunnel used by a group of peers.
Aggressive Mode
    Displays whether aggressive mode is enabled for this IP address and key string. A green check mark defines aggressive mode as enabled. A red "X" denotes the mode as disabled.
Key
    Displays the string ID a remote peer uses to look up pre-shared keys.