Netopia 3346N-ENT User Guide (en)

Download
Internet Key Exchange (IKE) IPsec Key Management for VPNs   6-13
The Key Management pop-up menu at the top of the IPsec Tunnel Options screen allows you to choose 
between IKE key management (the default for a new IPsec profile) and Manual key management.
If you select Manual, the IKE Phase 1 Profile option does not display, and you must enter your IPsec Manual 
Keys under the IPsec Manual Keys screen. See “IPsec Manual Key Entr y” on page 21.
The IKE Phase 1 Profile pop-up menu allows you to associate an IKE Phase 1 Profile with the IPsec tunnel. 
An IKE Phase 1 Profile specifies the set of parameters that will be used for the IKE Phase 1 exchange. IKE 
Phase 1 Profiles may be shared by multiple IPsec tunnels. The pop-up menu item displays the name of the 
currently associated IKE Phase 1 Profile, if any, or is blank if no IKE Phase 1 profile is associated with the 
tunnel.
The pop-up menu lists the names of all currently defined IKE Phase 1 Profiles. The pop-up menu also 
includes an <<ADD PH1 PROFILE>> item to allow you to define a new IKE Phase 1 Profile directly without 
first going to the IPsec Configuration screen, and a <<NONE>> item to allow you to dissociate an existing 
IKE Phase 1 Profile from the IPsec tunnel.
The remainder of the screen allows you to configure the IKE Phase 2 parameters that control the contents of 
the single IKE Phase 2 proposal sent by the Router. These same items specify the values that must be offered 
by one of the remote peer’s proposals.
The Encapsulation pop-up menu allows you to select what IPsec encapsulations will be used: ESP only (the 
default), AH only, or AH+ESP (both AH and ESP).
An AH Authentication Transform pop-up menu (which is visible only if you have selected AH or AH+ESP 
encapsulation) allows you to specify the type of AH authentication: HMAC-MD5-96 or HMAC-SHA1–96.
The ESP Encryption Transform pop-up menu (which is visible only if you have selected ESP or AH+ESP 
encapsulation) allows you to specify the type of ESP encr yption: DES, 3DES, or NULL (no encr yption).
The ESP Authentication Transform pop-up menu (which is visible only if you have selected ESP or AH+ESP 
encapsulation) allows you to specify the type of ESP authentication: None, HMAC-MD5-96, or 
HMAC-SHA1–96.
Advanced IPsec Options
If you select Advanced IPsec Options, the Advanced IPsec Options screen appears.