R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

Relationship between IKE and IPsec
Figure 13 Relationship between IKE and IPsec
Figure 13 illustrates the relationship between IKE and IPsec:
• IKE is an application layer protocol using UDP and functions as the signaling protocol of IPsec.
• IKE negotiates SAs for IPsec and delivers negotiated parameters and generated keys to IPsec.
• IPsec uses the SAs established through IKE negotiation for encryption and authentication of IP packets.
Configuring IKE in the web interface
Configuration task list
Before configuring IKE, you must determine the following parameters:
• The strength of the algorithms for IKE negotiation, namely the security protection level, including the identity authentication method, encryption algorithm, authentication algorithm, and DH group. Different algorithms provide different levels of protection. A stronger algorithm makes the protected data more resistant to decryption but requires more resources. Generally, the longer the key, the stronger the algorithm.
• The pre-shared key or the PKI domain that the certificate belongs to. For more information about PKI configuration, see the chapter “PKI configuration.”
Perform the tasks in Table 3 to configure IKE.
Table 3 IKE configuration task list
Task | Remarks
Configuring global IKE parameters | Optional. Configure the IKE local name and NAT keepalive interval.