To configure an IPsec IKE policy

Purpose

Use this procedure to set up IPsec IKE policies.

Steps
 

Choose Policies→ISA Policies→IPsec Policies from the NFM-P main menu. The IPsec Policies form opens.


Click Create→IKE Policy, or choose a policy and click Properties. The IPsec IKE Policy (Create|Edit) form opens.


Configure the required parameters on the General tab.


Click on the NAT Traversal tab and configure the required parameters.


Click on the DPD tab and configure the required parameters.

The Interval and Max Retries parameters can only be configured when the Dead Peer Detection (DPD) parameter is set to Enable.


Click on the Lockout tab and configure the required parameters.

If you select the Enable Lockout check box, you can configure a set of parameters that define the lockout condition.


If applicable, click on the IKE Transforms tab and associate IKE Transform policies to the IKE policy. Depending on the NE software release, up to four IKE Transform policies may be applicable.

Perform the following steps:

  1. Choose an entry and click Properties. The IPSec IKE Transform Associations form opens.

  2. Click Select in the IKE Transform panel and choose or create an IKE transform policy to associate. See To configure an IKE transform policy.

  3. Click OK to close the form.


If the IKE version is v2, the Fragment tab becomes available.

If you select the Fragment check box, you can configure a set of parameters that define the fragmentation.


Click Apply.


10 

Distribute the policy to NEs.


11 

Close the IPsec IKE Policy (Create|Edit) form.


12 

Close the IPsec Policies form.

End of steps