To create an NGE key group

Steps
 

Choose Manage→Network Group Encryption from the NFM-P main menu. The Manage Network Group Encryption form opens.


Click Create→Key Group. The Key Group (Create) form opens.


Configure method of rekey operations: check the Force Rekey or Progressive Rekey check box, or leave both boxes unchecked to choose (default) rekey.


Configure the Encryption Algorithm and Authentication Algorithm parameters.


Click Apply. The NFM-P generates the encryption and authentication keys; the key values are displayed in the Security Associations panel.


Click on the Encryption tab.


Add one or more service objects to the key group.

  1. Click on the sub-tab for the type of object that you need to add.

    Note the following:
    • The terminating site of an SDP must support NGE and be managed by the NFM-P.

    • A PW template must have the Use GRE Delivery parameter set to True.

  2. Click Add and use the form that opens to choose one or more objects.


To apply the NGE encryption keys, perform one of the following: to one or more objects, select the objects and click Encrypt.

  • To apply the NGE encryption keys to SDPs or VPRNs, click Encrypt Services.

  • To apply the NGE encryption keys to other objects, select the objects and click Encrypt.


Click Yes to confirm the action. The NFM-P deploys the key group and keys to the participating NEs. The indicators in the Execution Status panel on the General tab display the status of the operation.

If the deployment is successful, the indicators appear as follows:

  • Execution State—Encryption

  • Last Execution Status—Success


10 

To create a rekeying scheduled task, perform the following steps.

For maximum security, Nokia recommends that you create a rekeying scheduled task, which ensures that the keys in a key group are updated regularly.

  1. Click on the Rekey Schedule tab.

  2. Click Create. The Rekey Schedule, Key Group (Create) form opens.

  3. Configure the parameters.

  4. In the Schedule panel, click Select and use the form that opens to choose or create a schedule.

    You cannot use a schedule that has a Frequency value of Per Second or Per Minute.

  5. Click OK to save your changes and close the form. A rekeying scheduled task is created.


11 

Click OK to save your changes and close the Key Group (Create) form.


12 

Close the Manage Network Group Encryption form.

End of steps