Users Guide

| Parameter | Description |
|---|---|
| | of the master controller WebUI, then click the arrow button by the drop-down list to add that transform set to the IPsec map. |
| Dynamically Addressed Peer | Select either the Pre-shared Key or Certificate options to define security options for a dynamically addressed peer. |
| Pre-shared Key | For pre-shared key authentication, select Pre-Shared Key, then enter a shared secret in the IKE Shared Secret and Verify IKE Shared Secret fields. This authentication type is generally required in IPsec maps for a VPN with dynamically addressed peers, but can also be used for a static site-to-site VPN. |
| Certificate | For certificate authentication, select Certificate, then click the Server Certificate and CA certificate drop-down lists to select certificates previously imported into the controller. See Management Access on page 860 for more information on managing certificates. |
| DPD Parameters | |
| Enable DPD | The DPD Parameters checkbox on the VPN tab enables or disables Dead Peer Detection. When enabled, DPD uses IPsec traffic patterns to minimize the number of IKE messages required to determine the liveliness of an IKE peer. After a dead peer is detected, the branch controller tears down the IPsec session. Once the network path or other failure condition has been corrected, a new IPsec session is automatically re-established. |

| Policy Name | Policy Number | IKE Version | Encryption Algorithm | Hash Algorithm | Authentication Method | PRF Method | Diffie-Hellman Group |
|---|---|---|---|---|---|---|---|
| Default protection suite | 10001 | IKEv1 | 3DES-168 | SHA 160 | Pre-Shared Key | N/A | 2 (1024 bit) |
| Default RAP Certificate protection suite | 10002 | IKEv1 | AES-256 | SHA 160 | RSA Signature | N/A | 2 (1024 bit) |
| Default RAP PSK protection suite | 10003 | | AES-256 | SHA 160 | Pre-Shared Key | N/A | 2 (1024 bit) |

Table 65: Default IKE Policy Setting
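
The following is an added example, not part of the guide or of ArubaOS: a Python audit that parses the three Table 65 defaults and flags legacy parameters. The 2048-bit Diffie-Hellman minimum, the reading of "SHA 160" as SHA-1 (160-bit digest), and the finding codes are assumptions of this example; IKEv1 itself was deprecated by RFC 9395.

```python
import re

# Rows transcribed from Table 65 on this page:
# (name, number, IKE version, encryption, hash, DH group).
# Policy 10003 lists no IKE version in the table, so it is left empty here.
TABLE_65 = [
    ("Default protection suite", 10001, "IKEv1", "3DES-168", "SHA 160", "2 (1024 bit)"),
    ("Default RAP Certificate protection suite", 10002, "IKEv1", "AES-256", "SHA 160", "2 (1024 bit)"),
    ("Default RAP PSK protection suite", 10003, "", "AES-256", "SHA 160", "2 (1024 bit)"),
]

MIN_DH_BITS = 2048  # assumption: audit baseline, not a value from the guide
LEGACY_HASHES = {"SHA160", "SHA1", "SHA-1", "MD5"}  # assumption: 'SHA 160' is SHA-1


def parse_dh_bits(cell):
    """Extract the modulus size from a cell such as '2 (1024 bit)'."""
    m = re.search(r"\((\d+)\s*bit\)", cell)
    return int(m.group(1)) if m else None


def audit_policy(row):
    """Return a sorted list of finding codes for one Table 65 row."""
    _name, _number, ike, enc, hash_alg, dh = row
    enc = re.sub(r"\s+", "", enc).upper()            # tolerate stray spaces
    hash_alg = re.sub(r"\s+", "", hash_alg).upper()  # 'SHA 160' -> 'SHA160'
    findings = set()
    if ike.upper() == "IKEV1":
        findings.add("IKEV1")                # protocol deprecated by RFC 9395
    elif not ike:
        findings.add("IKE_VERSION_UNKNOWN")  # cell is empty in the table
    if enc.startswith("3DES"):
        findings.add("3DES")                 # 64-bit block cipher
    if hash_alg in LEGACY_HASHES:
        findings.add("WEAK_HASH")
    bits = parse_dh_bits(dh)
    if bits is None or bits < MIN_DH_BITS:
        findings.add("WEAK_DH")              # group 2 is a 1024-bit group
    return sorted(findings)


def audit_table(rows):
    """Map policy number -> findings for every row."""
    return {row[1]: audit_policy(row) for row in rows}


if __name__ == "__main__":
    for number, findings in audit_table(TABLE_65).items():
        print(number, ", ".join(findings) or "ok")
```
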
Dell Networking W-Series ArubaOS 6.4.x | User Guide BranchController Config for Controllers | 316