Create an IPSec Profile

Step 1

Navigate to Infrastructure > Network > IPSec.

Step 2

Click Create.

Step 3

Enter a unique Profile Name.

Step 4

(Optional) Enter a Description. This may help differentiate from other profiles with a similar name.

Step 5

Enter the appropriate IKE information when prompted:

1. DH Group - Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Expand the drop-down menu to select the appropriate groups for the profile.

2. Authentication - Expand the drop-down menu to select the types of authentication you want for this tunnel.

3. Encryption - Intercepted stacks require encrypting and decrypting. Expand the drop-down menu to select your method of encryption.

4. Hash - SHA1 is a one-way hashing algorithm that produces a 160-bit digest. Use the drop-down menu to select the appropriate option.

5. Key Lifetime - Enter a time value in seconds for how long the key lasts. Avaialble values are between 60 sec and 86400 sec.

6. IKE Version -The Internet Key Exchange (IKE) is a protocol that is used to set up a security association in the IPSec protocol suite that provides robust authentication and encryption of IP packets. Use the drop-down menu to select either IKE version 1 or version 2. There are significant differences between the versions so be sure to select the one most appropriate for your environment.

Step 6

Enter the appropriate IPsec information when prompted:

1. Authentication - Expand the drop-down menu to select an authentication method: None, SHA256, SHA, or Null.

2. Encryption - Expand the drop-down and select a type of key: AES GCM 256, AES GCM 192, or AES GCM. This generates a unique key exchange between the connected devices, so that each device can decrypt the other device's messages.

3. Mode - Expand the drop-down menu to select the IPSec policy authentication protocol. You can select more than one.