
Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual



Brocade Mobility Access Point System Reference Guide, 53-1003100-01, page 157 (Chapter 5)

The Internet Key Exchange (IKE) protocol is a key management protocol standard used in conjunction
with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration
simplicity for the IPSec standard. IKE automatically negotiates IPSec security associations (SAs), and enables secure
communications without time-consuming manual pre-configuration.

To define a profile’s VPN settings:

1. Select the Configuration tab from the Web UI.

2. Select Devices.

3. Select System Profile from the options on the left-hand side of the UI.

4. Expand the Security menu and select VPN.

FIGURE 60 Profile Security - VPN IKE Policy screen

5. Select either the IKEv1 or IKEv2 radio button to enforce VPN peer key exchanges using either
IKEv1 or IKEv2.

IKEv2 provides improvements over the original IKEv1 design (improved cryptographic
mechanisms, NAT and firewall traversal, attack resistance, etc.) and is recommended in most
deployments. The appearance of the IKE Policy screen differs depending on whether IKEv1 or
IKEv2 mode is selected.

6. Refer to the following to determine whether an IKE Policy requires creation, modification or
removal:

Name

Displays the name (32 characters maximum) assigned to the IKE policy.

DPD Keep Alive

Lists each policy’s IKE keep-alive message interval, used for dead peer detection (DPD) on the IKE VPN tunnel.

IKE LifeTime

Displays each policy’s lifetime for an IKE SA. The lifetime defines how long a connection
(encryption/authentication keys) should last, from successful key negotiation to expiration. Two peers need
not agree on the exact lifetime; if they differ, the peer configured with the longer lifetime retains some stale
state (clutter) for the superseded connection until its own lifetime expires.

DPD Retries

Lists each policy’s maximum number of keep-alive messages sent without a reply before the VPN tunnel connection is
declared dead by the peer. This column only appears when IKEv1 is selected.
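The three timing fields above (DPD Keep Alive, IKE LifeTime and DPD Retries) interact in ways the table can only describe in words. The following Python model is an added example, not Brocade code and not the access point's implementation: it validates an IKE policy record against the limits stated on this page (32-character name, IKEv1/IKEv2 selection, positive intervals), simulates when dead peer detection declares a silent peer dead given a keep-alive interval and a retry count, and shows the "clutter" effect of mismatched IKE lifetimes by counting how many IKE SAs each peer still holds at a given moment. Policy names, field values and the function names are constructed assumptions; the model assumes the faster-rekeying peer drives rekeying and that each side keeps an SA for its own configured lifetime.

```python
"""Illustrative model of the IKE policy fields (Name, DPD Keep Alive,
IKE LifeTime, DPD Retries). Added example; not Brocade's implementation."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class IkePolicy:
    name: str             # IKE policy name, 32 characters maximum per the guide
    version: int          # 1 = IKEv1, 2 = IKEv2 (radio button selection)
    dpd_keepalive: int    # seconds between DPD keep-alive messages
    ike_lifetime: int     # IKE SA lifetime in seconds
    dpd_retries: int = 5  # unanswered keep-alives before the peer is declared dead
                          # (the guide only exposes this column for IKEv1)


def validate_policy(p: IkePolicy) -> List[str]:
    """Return the list of problems found (an empty list means the record is acceptable)."""
    problems = []
    if not p.name or len(p.name) > 32:
        problems.append("name must be 1-32 characters")
    if p.version not in (1, 2):
        problems.append("version must be 1 (IKEv1) or 2 (IKEv2)")
    if p.dpd_keepalive <= 0:
        problems.append("DPD keep-alive interval must be positive")
    if p.ike_lifetime <= 0:
        problems.append("IKE lifetime must be positive")
    if p.version == 1 and p.dpd_retries <= 0:
        problems.append("DPD retries must be positive for IKEv1")
    return problems


def dpd_dead_at(p: IkePolicy, peer_silent_from: int) -> int:
    """Simulate dead peer detection.

    Keep-alives go out every `p.dpd_keepalive` seconds starting at t=0. A probe
    sent before `peer_silent_from` is answered; later probes are not. The local
    side declares the peer dead on the probe that makes `p.dpd_retries`
    consecutive unanswered keep-alives. Returns that time in seconds.
    """
    missed = 0
    t = 0
    while True:
        t += p.dpd_keepalive
        if t < peer_silent_from:   # peer still alive: an answer resets the count
            missed = 0
            continue
        missed += 1
        if missed >= p.dpd_retries:
            return t


def held_sas(holder: IkePolicy, rekey_interval: int, t: int) -> int:
    """Number of IKE SAs `holder` still has at time t.

    A fresh SA is negotiated every `rekey_interval` seconds (set by the peer
    with the shorter lifetime); `holder` keeps each one for its own lifetime,
    so a longer lifetime means superseded SAs linger alongside the current one.
    """
    return sum(1 for k in range(t // rekey_interval + 1)
               if k * rekey_interval + holder.ike_lifetime > t)


def sa_counts(a: IkePolicy, b: IkePolicy, t: int) -> Dict[str, int]:
    """SA count per peer at time t when the two sides disagree on IKE lifetime."""
    rekey = min(a.ike_lifetime, b.ike_lifetime)
    return {a.name: held_sas(a, rekey, t), b.name: held_sas(b, rekey, t)}


if __name__ == "__main__":
    # Constructed sample policies: the access point rekeys hourly, the remote
    # peer is configured with a two-hour lifetime.
    ap = IkePolicy("ap-policy", version=1, dpd_keepalive=10, ike_lifetime=3600)
    branch = IkePolicy("branch-peer", version=1, dpd_keepalive=10, ike_lifetime=7200)
    print("validation:", validate_policy(ap) or "ok")
    print("peer declared dead at t =", dpd_dead_at(ap, peer_silent_from=35), "s")
    print("SAs held at t=4000s:", sa_counts(ap, branch, 4000))
```

Running the block shows the peer going silent at 35 s being declared dead at 80 s (probes at 10, 20 and 30 s are answered; the five probes from 40 to 80 s are not), and at t=4000 s the two-hour peer still holding two SAs while the hourly peer holds one, which is the superseded-connection clutter the IKE LifeTime description refers to.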