Filter
Top Products
Nokia Network Voyager for IPSO 4.0 Reference Guide 335
Some IPSec systems require that the SA lifetimes (seconds, as well as megabytes) match on
both devices. See “Putting It All Together” in “Creating an IPSec Policy” for more
information.
IKE and PFS groups should match on both devices. See “Putting It All Together” in
“Creating an IPSec Policy” for more information.
The Diffie-Hellman key exchange uses the IKE group during the establishment of Phase 1
ISAKMP SA. Value options are 1, 2, or 5; 2 is the default value.
The Diffie-Hellman key exchange uses the PFS group in Phase 2 to construct key material
for IPSec SAs. The value options are 1, 2, 5, or none; 2 is the default. Setting the value to
none disables PFS.
Note
When IPSO is acting as the responder of the Phase 2 negotiation, it always accepts the PFS
group proposed by the initiator.
Creating an IPSec Policy
Choosing IPv4 or IPv6 General Configuration Page
To chose IPv4 or IPv6 general configuration pages
1. Click IPSec under Security and Access in the tree view. .
2. Access the appropriate IPSec General Configuration page:
To display the IPv4 IPSec General Configuration page—click on the IPSec link
To display the IPv6 IPSec General Configuration page—first click on the IPv6
Configuration link; this takes you to the main IPv6 page. Next, click on the IPSec link;
this takes you to the IPv6 IPSec General Configuration Page.
If you are on the IPv4 General Configuration page—6to move to the IPv6 General
configuration page, scroll down to the bottom of the page and click the IPv6 IPSec
General Configuration link.
Note
Application procedures are the same for both configuration page types. The primary
difference is the format of the IP addresses. IPv4 uses dotted quad format and IPv6 uses
canonical address format. Selected range values might be different; consult the inline Help
option for specifics.
The following sections describe how to create an IPSec policy.