User's Manual

Chapter 16 IPSec VPN 118
Key Exchange Method Select the key exchange method:
Auto(IKE) - Select this to use a VPN connection policy with automatic IKE key
management.
Manual - Select this option to configure a VPN connection policy that uses a
manual key instead of IKE key management. This may be useful if you have
problems with IKE key management.
Note: Only use a manual key as a temporary solution, because it is not as secure
as a regular IPSec SA.
Authentication Method Select Pre-Shared Key to use a pre-shared key for authentication, and type in
your pre-shared key. A pre-shared key identifies a communicating party during
a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it
with another party before you can communicate with them over a secure
connection.
Select Certificate (X.509) to use a certificate for authentication.
Pre-Shared Key Type your pre-shared key in this field. A pre-shared key identifies a
communicating party during a phase 1 IKE negotiation.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal
("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero
x), which is not counted as part of the 16 to 62 character range for the key. For
example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal
and "0123456789ABCDEF" is the key itself.
Perfect Forward Secrecy (PFS) Select whether or not to enable Perfect Forward
Secrecy (PFS). Both routers must enable it or disable it.
Advanced IKE Settings Use the button to show or hide the advanced IKE settings.
Phase 1
Mode Select the negotiation mode to use to negotiate the IKE SA. Choices are:
Main - this encrypts the Router’s and remote IPSec router’s identities but takes
more time to establish the IKE SA.
Aggressive - this is faster but does not encrypt the identities.
The Router and the remote IPSec router must use the same negotiation mode.
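The Pre-Shared Key format rules above can be checked before a key is typed into both routers. The following is an added example, not code from this manual or the Router's firmware. The names check_psk and audit are hypothetical, and three points are assumptions: "ASCII" is read as printable ASCII, hexadecimal digits are accepted in either case, and a field that starts with "0x" is always treated as a hexadecimal key. The reported bit count is only an upper bound that holds when every character was chosen at random.

```python
import math

HEX_DIGITS = "0123456789ABCDEFabcdef"  # assumption: either case is accepted


def check_psk(field):
    """Validate a Pre-Shared Key field against the manual's format rules.

    Returns (kind, key, max_bits); raises ValueError if the field is invalid.
    max_bits is an upper bound on key strength for uniformly random characters.
    """
    if field.startswith("0x"):
        key = field[2:]  # the "0x" prefix is not counted as part of the key
        if not 16 <= len(key) <= 62:
            raise ValueError("hex key must be 16 to 62 digits after 0x")
        if any(c not in HEX_DIGITS for c in key):
            raise ValueError("non-hex character after 0x")
        return "hex", key, len(key) * 4  # 4 bits per hexadecimal digit
    if not 8 <= len(field) <= 31:
        raise ValueError("ASCII key must be 8 to 31 characters")
    # Assumption: only printable ASCII (0x20 to 0x7E, 95 symbols) is allowed.
    if any(not 0x20 <= ord(c) <= 0x7E for c in field):
        raise ValueError("key must be printable ASCII")
    return "ascii", field, math.floor(len(field) * math.log2(95))


def audit(fields):
    """Check several candidate keys; map each to its result or error text."""
    report = {}
    for field in fields:
        try:
            report[field] = check_psk(field)
        except ValueError as err:
            report[field] = "rejected: " + str(err)
    return report


# Constructed sample values, for illustration only (never reuse them as keys).
SAMPLES = [
    "0x0123456789ABCDEF",  # the manual's own example: 16 hex digits
    "0x12345678",          # 10 characters, but "0x" makes it a too-short hex key
    "0x0123456789ABCDEG",  # "G" is not a hexadecimal digit
    "short",               # fewer than 8 ASCII characters
    "correct-horse-9",     # 15 printable ASCII characters
]

if __name__ == "__main__":
    for field, result in audit(SAMPLES).items():
        print(repr(field), "->", result)
```

The shortest ASCII key the field accepts (8 characters) tops out at 52 bits, while the longest hexadecimal key (62 digits) reaches 248 bits.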
Table 70 IPSec VPN: Add (continued)
LABEL DESCRIPTION