This section describes the operations for adding, editing, and deleting IPsec settings.
Display a list of IPsec settings #
Displays a list of IPsec settings.
The “IPsec Settings” screen displays a list of IPsec settings registered with the product.
Add IPsec settings #
Add IPsec settings.
The “Add IKE Configuration” or “Add SA Configuration” screen will appear.
Adding IKE settings
This is how it is set up when the IKE tab is selected.
❶ Enter any policy name.
Enter the address of the local side.
Select All to allow all addresses.
By checking the Local ID checkbox, you can also select a type or enter an ID.
❸ Enter the address of the remote side (connection destination).
Select All to allow all addresses.
By checking the Remote ID checkbox, you can also select the type and enter the ID.
❹ Select the IKE version.
❺ Set the Pre-Shared Key (PSK).
❻ Specify the IKE mode. This mode is valid only when version 1 is selected in ❹ .
❼ Set the number of retries in the range of 1 to 255.
Select “No limit” for no limit on the number of retries.
❽ Sets the lifetime of IKE. It can be specified in seconds, minutes, or hours.
❾ Specify the behavior when disconnected by DPD (Dead Peer Detection).
❿ Set the interval for DPD. It can be specified in seconds, minutes, or hours.
⓫ Sets the timeout for DPD. It can be specified in seconds, minutes, or hours.
⓬ Check the Transform Settings checkbox to enable operation limited to specified transforms only.
Select the encryption algorithm.
❷ Select the authentication algorithm.
❸ Specify the PRF (Pseudo-Random Functions). This is valid only for IKEv2.
❹ Select Diffie Hellman Groups.
Adding SA settings
This is how it is set up when the SA tab is selected.
❶ Enter any policy name.
Click the ❷ toggle to enable/disable.
❸ Specifies the IKE name used for key exchange.
❹ Select IPsec connection behavior.
IPsec connections work in the following order Add a route that performs initiate operation (initiate operation is performed by communication) SA setting only (no initiate operation is performed) Note that when an initiate communication is received from the peer with all settings, it will operate as responder side if possible.
❺ Check Reconnect to enable reconnection.
❻ Select the protocol type.
❼ Select the communication mode.
If pass-through mode is selected, the local and remote subnets described below are required.
❽ Set the SA lifetime. It can be specified in seconds, minutes, or hours.
❾ Set the subnet for the local side.
❿ Set the subnet of the remote side.
⓫ Check the Transform Settings checkbox to enable operation limited to specified transforms only.
❶ Select the encryption algorithm.
❷ Select the authentication algorithm.
❸ Specify PFS (Perfect Forward Secrecy).
Edit IPsec settings #
Edit the registered IPsec settings.
The “Edit IKE Settings” or “Edit SA Settings” screen will appear.
The information in the modified IKE or SA settings will be updated.
Delete IPsec settings #
To delete registered IPsec settings, you can either delete them individually from the IPsec operation menu, or you can delete them after selecting all IPsec settings you wish to delete.
Delete IPsec settings individually
This method is to select Delete from the operation menu of IPsec settings.
The “Confirmation” screen appears.
IPsec settings are deleted.
Selecting and deleting multiple IPsec settings
This method is used to delete IPsec settings after checking the check boxes of the IPsec settings you wish to delete. This is useful when deleting multiple IPsec settings at once; you can also select a single IPsec setting to delete.
The “Confirmation” screen appears.
The selected IPsec settings are deleted.