Installing and Administering IPSec/9000 > Chapter 1 Installing and Configuring IPSec/9000

Step 6C: Configuring an IPSec/9000 Policy: ISAKMP Policy

  1. Go on to ISAKMP Policy in the Create IPSec Policy screen.

  2. Configure an ISAKMP policy for the IPSec/9000 policy. You can view or edit an existing ISAKMP policy, or you can create a new ISAKMP policy.

    ISAKMP stands for the Internet Security Association and Key Management Protocol.

    You can only configure an ISAKMP policy if you have chosen a transform other than pass or discard. The ISAKMP Policy subarea is disabled if the IPSec Transform List displays discard or pass.

    NOTE: If you are defining several IPSec Policies with the same Remote IP Address, then you must use the same ISAKMP Policy for these IPSec Policies.

    1. To create an ISAKMP policy, click the Create button.

    2. In the Name field, enter a unique name for the ISAKMP policy.

      If you click the Default checkbox, the Default ISAKMP policy is selected and displayed. You can modify the attributes of the Default ISAKMP policy.

    3. Enter the Lifetime value in seconds. The default value is 28800 (8 hours). The value must fall between 600 seconds and 12 hours (43,200 seconds).

    4. Enter the Max Quick Modes value. The default value is 100. For perfect forward secrecy (PFS), enter 1 in the Max Quick Modes field.

      If the value of Max Quick Modes is 1, IKE provides PFS for the IPSec SA keys and the identities of the ISAKMP negotiating parties (and identities of any parties for which the ISAKMP parties are acting as proxies). With PFS, the exposure of one key permits access only to data protected by that key. When PFS is configured, the IKE daemon creates a new ISAKMP SA for each IPSec SA negotiation and performs a Diffie-Hellman exchange for each IPSec SA negotiation.

    5. Select an Oakley Group. The default group is MODP(1). MODP(1) uses 768 bits for an exponent, while MODP(2) uses 1024 bits.

    6. Select the appropriate Hash algorithm from the Hash display window.

    7. Select the appropriate Encryption algorithm from the Encryption display window.

    8. Select the appropriate Authentication algorithm from the Authentication display window.

    9. Click OK to save the policy and return to the Create IPSec/9000 Policy screen.

  3. Go on to "Step 6D, Configuring an IPSec/9000 Policy: Tunnel."
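
The limits stated in this procedure (Lifetime range, Max Quick Modes and PFS, the pass/discard restriction, and the NOTE about shared Remote IP Addresses) can be checked on a planned policy set before the values are entered. This is an added example, not HP code; the dict layout, the function name and the sample policies are hypothetical and constructed for illustration.

```python
# Added example: lint planned policies against the limits stated in this procedure.
# The dict layout and every name here are hypothetical, not an IPSec/9000 format.
from collections import defaultdict

LIFETIME_MIN, LIFETIME_MAX = 600, 43200     # seconds (step 3)
NO_ISAKMP_TRANSFORMS = {"pass", "discard"}  # ISAKMP Policy subarea is disabled

def check_policies(ipsec_policies, isakmp_policies):
    """Return a list of (severity, message) findings."""
    findings = []
    for name, p in isakmp_policies.items():
        if not LIFETIME_MIN <= p["lifetime"] <= LIFETIME_MAX:
            findings.append(("error", f"{name}: lifetime {p['lifetime']}s outside 600-43200s"))
        if p["max_quick_modes"] != 1:       # PFS requires Max Quick Modes = 1
            findings.append(("info", f"{name}: no PFS (Max Quick Modes = {p['max_quick_modes']})"))
    by_remote = defaultdict(set)            # remote address -> ISAKMP policy names
    for pol in ipsec_policies:
        if pol["transform"] in NO_ISAKMP_TRANSFORMS:
            if pol.get("isakmp"):
                findings.append(("error", f"{pol['name']}: {pol['transform']} "
                                          "transform cannot carry an ISAKMP policy"))
            continue
        if pol.get("isakmp") not in isakmp_policies:
            findings.append(("error", f"{pol['name']}: unknown ISAKMP policy {pol.get('isakmp')!r}"))
        by_remote[pol["remote"]].add(pol.get("isakmp"))
    # NOTE in step 2: same Remote IP Address means same ISAKMP policy.
    for remote, names in sorted(by_remote.items()):
        if len(names) > 1:
            findings.append(("error", f"{remote}: IPSec policies use different "
                                      f"ISAKMP policies {sorted(names, key=str)}"))
    return findings

# Constructed sample data (documentation addresses, made-up policy and transform names).
ISAKMP = {
    "default": {"lifetime": 28800, "max_quick_modes": 100},
    "pfs":     {"lifetime": 3600,  "max_quick_modes": 1},
    "short":   {"lifetime": 300,   "max_quick_modes": 1},
}
IPSEC = [
    {"name": "telnet-a", "remote": "192.0.2.10", "transform": "esp", "isakmp": "default"},
    {"name": "ftp-a",    "remote": "192.0.2.10", "transform": "esp", "isakmp": "pfs"},
    {"name": "drop-b",   "remote": "192.0.2.20", "transform": "discard", "isakmp": None},
    {"name": "web-c",    "remote": "192.0.2.30", "transform": "ah", "isakmp": "short"},
]

if __name__ == "__main__":
    for severity, message in check_policies(IPSEC, ISAKMP):
        print(f"{severity}: {message}")
```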

© 2001 Hewlett-Packard Development Company, L.P.