<<Create a Site-to-Site IKE Policy (1 of 3)

Create a Site-to-Site IKE Policy (3 of 3) >>

 

Example 1: IPsec VPN, Site-to-Site

Create a Site-to-Site IKE Policy (Step 2 of 3)

TMS zl Module A

TMS zl Module B

  1. Under IKE Authentication, configure these settings:

  1. For Key Exchange Mode, select Main Mode.

  2. For Authentication Method, select Preshared Key.

  3. In the Preshared Key and Confirm Preshared Key boxes, type procurveVPNtest.

  1. Under Security Parameters Proposal, configure the security settings that will be proposed by the Threat Management Services (TMS) zl Module for the IKE SA:

  1. For Diffie-Hellman (DH) Group, select the size of the prime number that is used in DH key agreement. For this example, select Group 2 (1024).

  1. For Encryption Algorithm, select 3DES.

  1. For Authentication Algorithm, select MD5.

  1. For SA Lifetime in seconds, type 28800.

  1. Click Next.

  1. Under IKE Authentication, configure these settings:

  1. For Key Exchange Mode, select Main Mode.

  2. For Authentication Method, select Preshared Key.

  3. In the Preshared Key and Confirm Preshared Key boxes, type procurveVPNtest.

  1. Under Security Parameters Proposal, configure the security settings that will be proposed by the Threat Management Services (TMS) zl Module for the IKE SA:

  1. For Diffie-Hellman (DH) Group, select the size of the prime number that is used in DH key agreement. For this example, select Group 2 (1024).

  1. For Encryption Algorithm, select 3DES.

  1. For Authentication Algorithm, select MD5.

  1. For SA Lifetime in seconds, type 28800 seconds.

  1. Click Next.

 

On this page of the Add IKE Policy window, the settings for both sites should be identical.

<<Create a Site-to-Site IKE Policy (1 of 3)

Create a Site-to-Site IKE Policy (3 of 3) >>