Technical data

220 Web Tools Administrator’s Guide
53-1002934-02
IPsec over management ports
16
The IKE hash algorithm.
The Diffie-Hellman group number.
The IKE SA lifetime.
The IP addresses of the endpoints.
The IPsec protocol (AH or ESP).
The IPsec Transform policy.
To create an SA proposal, perform the following steps.
1. Select the SA Proposal tab on the IPsec Policies window.
2. Select Add.
The Add-SA Proposal dialog box displays.
3. Enter a name in the SA Proposal Name field.
4. Enter the SAs in the SA(s) to use field.
5. Optionally, define SA lifetime parameters.
The SA lifetime may be defined as a time value in seconds (LifeTime in seconds), as the
number of bytes transmitted before the SA is rekeyed (LifeTime in bytes), or both. When both
are used, the SA lifetime is determined by the threshold that is first reached.
6. Click OK.
Adding an IPsec transform policy
The IPsec transform policy is the combination of protocols and algorithms applied to a flow of IP
packets. IPsec is unidirectional, and policies need to be applied to both inbound and outbound flows.
Part of adding an IPsec transform policy is to select an IPsec Protection Type. The choices are
discard, bypass, and protect:
Discard causes data packets to be rejected if there is an invalid pair of source and destination
addresses or invalid port addresses.
Bypass allows a data packet to be transmitted or received without IPsec protection.
Process indicates a data packet is processed using IPsec encryption, IKE authentication, or
both, using Encapsulating Security Payload (ESP) processing or Authentication Header (AH)
protocol processing.
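Because each policy covers only one direction, a flow that is protected outbound can still be unprotected or unmatched inbound. The following sketch is an added example, not code from the guide or from the product: it audits a list of transform policies for that asymmetry. The `Transform` record, its field names, and the sample addresses are constructed assumptions, not Web Tools fields.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Transform:
    """Hypothetical model of one transform policy (not a Web Tools schema)."""
    name: str
    direction: str  # "in" or "out", relative to the management port
    local: str      # local prefix
    remote: str     # remote prefix
    action: str     # protection type: "discard", "bypass" or "protect"

def audit_directions(policies):
    """Return findings for flows whose two directions are not treated alike."""
    by_flow = {}
    for p in policies:
        # Normalise prefixes so textual variants of one selector compare equal.
        key = (ip_network(p.local), ip_network(p.remote))
        by_flow.setdefault(key, {})[p.direction] = p

    findings = []
    for (local, remote), dirs in sorted(by_flow.items(), key=lambda kv: str(kv[0])):
        # A direction with no policy at all is the most common gap.
        for want in ("in", "out"):
            if want not in dirs:
                findings.append(f"{local}<->{remote}: no {want}bound policy")
        # Both directions exist but disagree, e.g. protect out and bypass in.
        if len(dirs) == 2 and dirs["in"].action != dirs["out"].action:
            findings.append(
                f"{local}<->{remote}: in={dirs['in'].action} out={dirs['out'].action}"
            )
    return findings

# Constructed sample policy set (documentation address ranges).
SAMPLE = [
    Transform("mgmt-out", "out", "192.0.2.10/32", "198.51.100.0/24", "protect"),
    Transform("mgmt-in", "in", "192.0.2.10/32", "198.51.100.0/24", "protect"),
    Transform("nms-out", "out", "192.0.2.10/32", "203.0.113.5/32", "protect"),
    Transform("syslog-out", "out", "192.0.2.10/32", "203.0.113.9/32", "protect"),
    Transform("syslog-in", "in", "192.0.2.10/32", "203.0.113.9/32", "bypass"),
]

if __name__ == "__main__":
    for finding in audit_directions(SAMPLE):
        print(finding)
```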
To add an IPsec transform policy, perform the following steps.
1. Select the Transforms tab.
The Transforms window displays.
2. Select Add.
The Add Transform dialog box displays.
3. Enter a name in the Transform Name field.
4. Select the IPsec Mode.
The choices are Transport or Tunnel.
5. Enter the SA Proposal name.