Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

158

Brocade Mobility Access Point System Reference Guide

53-1003100-01

5

7. Select Add to define a new IKE Policy configuration, Edit to modify an existing configuration or

Delete to remove an existing configuration.

FIGURE 61

Profile Security - VPN IKE Policy create/modify screen (IKEv1 example)

Name

If creating a new IKE policy, assign it a name (32 character maximum) to help differentiate this
IKE configuration from others with similar parameters.

DPD Keep Alive

Configure the IKE keep alive message interval used for dead peer detection on the remote end of
the IPSec VPN tunnel. Set this value in either Seconds (10 - 3,600), Minutes (1 - 60) or Hours (1).
The default setting is 30 seconds. This setting is required for both IKEv1 and IKEV2.

Mode

If using IKEv1, use the drop-down menu to define the IKE mode as either Main or Aggressive.
IPSEC has two modes in IKEv1 for key exchanges. Aggressive mode requires 3 messages be
exchanged between the IPSEC peers to setup the SA, Main requires 6 messages. The default
setting is Main.

DPD Retries

Use the spinner control to set the maximum number of keep alive messages sent before a VPN
tunnel connection is defined as dead. The available range is from 1 - 100. The default setting is
5.

IKE LifeTime

Set the lifetime defining how long a connection (encryption/authentication keys) should last from
successful key negotiation to expiration. Set this value in either Seconds (600 - 86,400), Minutes
(10 - 1,440), Hours (1 - 24) or Days (1). This setting is required for both IKEv1 and IKEV2.