Netopia Firmware 4000-Series User Manual
Page 141
Internet Key Exchange (IKE) IPsec Key Management for VPNs 5-11
The Key Management pop-up menu at the top of the IPsec Tunnel Options screen allows you to choose
between IKE key management (the default for a new IPsec profile) and Manual key management.
If you select Manual, the IKE Phase 1 Profile option does not display, and you must enter your IPsec Manual
Keys under the IPsec Manual Keys screen. See “IPsec Manual Key Entry” on page 19.
■ The IKE Phase 1 Profile pop-up menu allows you to associate an IKE Phase 1 Profile with the IPsec tunnel.
An IKE Phase 1 Profile specifies the set of parameters that will be used for the IKE Phase 1 exchange. IKE
Phase 1 Profiles may be shared by multiple IPsec tunnels. The pop-up menu item displays the name of the
currently associated IKE Phase 1 Profile, if any, or is blank if no IKE Phase 1 profile is associated with the
tunnel.
The pop-up menu lists the names of all currently defined IKE Phase 1 Profiles. The pop-up menu also
includes an <
first going to the IPsec Configuration screen, and a <
IKE Phase 1 Profile from the IPsec tunnel.
The remainder of the screen allows you to configure the IKE Phase 2 parameters that control the contents of
the single IKE Phase 2 proposal sent by the router. These same items specify the values that must be offered
by one of the remote peer’s proposals.
■ The Encapsulation pop-up menu allows you to select what IPsec encapsulations will be used: ESP only (the
default), AH only, or AH+ESP (both AH and ESP).
■ An AH Authentication Transform pop-up menu (which is visible only if you have selected AH or AH+ESP
encapsulation) allows you to specify the type of AH authentication: HMAC-MD5-96 or HMAC-SHA1-96.
■ The ESP Encryption Transform pop-up menu (which is visible only if you have selected ESP or AH+ESP
encapsulation) allows you to specify the type of ESP encryption: DES, 3DES, or NULL (no encryption).
■ The ESP Authentication Transform pop-up menu (which is visible only if you have selected ESP or AH+ESP
encapsulation) allows you to specify the type of ESP authentication: None, HMAC-MD5-96, or
HMAC-SHA1-96.
If you select Advanced IPsec Options, the Advanced IPsec Options screen appears.
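The Phase 2 rules described above (which transform menus apply to each encapsulation, and that one of the remote peer's proposals must offer the same values) can be checked offline before the settings are entered on both routers. The following Python is an added example, not Netopia code; the `Phase2Proposal` class, the function names, and the weakness notes in `findings` are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Optional

# Menu values as listed on this manual page.
ENCAPS = ("ESP", "AH", "AH+ESP")
AH_AUTH = ("HMAC-MD5-96", "HMAC-SHA1-96")
ESP_ENC = ("DES", "3DES", "NULL")
ESP_AUTH = ("None", "HMAC-MD5-96", "HMAC-SHA1-96")  # "None" is a menu value

@dataclass(frozen=True)
class Phase2Proposal:  # hypothetical model; Python None = menu not shown
    encapsulation: str = "ESP"
    ah_auth: Optional[str] = None
    esp_enc: Optional[str] = None
    esp_auth: Optional[str] = None

def validate(p):
    """Return errors where a value breaks the menus' visibility rules."""
    if p.encapsulation not in ENCAPS:
        return [f"unknown encapsulation {p.encapsulation!r}"]
    uses_ah, uses_esp = "AH" in p.encapsulation, "ESP" in p.encapsulation
    errs = []
    for name, val, used, allowed in (
        ("ah_auth", p.ah_auth, uses_ah, AH_AUTH),
        ("esp_enc", p.esp_enc, uses_esp, ESP_ENC),
        ("esp_auth", p.esp_auth, uses_esp, ESP_AUTH),
    ):
        if used and val not in allowed:
            errs.append(f"{name} must be one of {allowed}")
        if not used and val is not None:
            errs.append(f"{name} does not apply to {p.encapsulation}")
    return errs

def findings(p):
    """Flag weak choices (the reviewer's judgement, not stated in the manual)."""
    out = []
    if p.esp_enc == "NULL":
        out.append("ESP NULL: traffic is not encrypted")
    if p.esp_enc == "DES":
        out.append("DES: 56-bit key")
    if "HMAC-MD5-96" in (p.ah_auth, p.esp_auth):
        out.append("HMAC-MD5-96: HMAC-SHA1-96 is the stronger menu choice")
    if p.encapsulation == "ESP" and p.esp_auth == "None":
        out.append("ESP without authentication: no integrity protection")
    return out

def peer_accepts(local, peer_proposals):
    """The router sends one proposal; a peer proposal must offer the same values."""
    return local in list(peer_proposals)
```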