Deployment Guide

1. Select the Transforms tab.

5. Enter the SA Proposal name.

6. Select the IPsec Protection Type option.

7. Select the IKE Policy Name option.

IKE policies need to be created before adding a transform policy. If there are no names to select

from, you must create an IKE policy.

8. Optional: Enter a local and peer IP address.

9. Click OK.

Selectors are used to apply transform policies to an IP flow. Flows are unidirectional. Selectors are

associated with a specific source IP address, a specific peer IP address, and a specific transform.

The Selectors window displays.

The Add Selector dialog box displays.

8. The Protocol Name selector allows you to select a specific protocol.

9. Click OK.

Part of manually creating an security association (SA) is to select an IPsec Protection Type. The

choices are discard, bypass, and protect:

• Discard causes data packets to be rejected if there is an invalid pair of source and destination

addresses or invalid port addresses.

• Bypass allows a data packet to be transmitted or received without IPsec protection.

• Process indicates a data packet is processed using IPsec encryption, IKE authentication, or both,

using encapsulation security protocol (ESP) processing, or authentication header (AH) protocol