The IKE Policy table specifies all the IKE policy objects applicable for the selected VPN configuration when Secure Client endpoints connect using the IPsec protocol. For more information, see IKE Policies in Remote Access VPNs.
Note | threat
defense supports only IKEv2 for remote access VPNs. |
Procedure
Step 1 | Choose . |
Step 2 | From the list of available VPN policies, select the policy for which you want to modify the settings. |
Step 3 | Click Advanced > IKE Policy. |
Step 4 | Click Add to select from the available IKEv2 policies, or add a new IKEv2 policy and specify the following:
-
Name—Name of the IKEv2 policy.
-
Description—Optional description of the IKEv2 policy
-
Priority—The priority value determines the order of the IKE policy compared by the two negotiating peers when attempting to find a common security association (SA).
-
Lifetime— Lifetime of the security association (SA), in seconds
-
Integrity—The Integrity Algorithms portion of the Hash Algorithm used in the IKEv2 policy.
-
Encryption—The Encryption Algorithm used to establish the Phase 1 SA for protecting Phase 2 negotiations.
-
PRF Hash—The pseudorandom function (PRF) portion of the Hash Algorithm used in the IKE policy. In IKEv2, you can specify different algorithms for these elements.
-
DH Group—The Diffie-Hellman group used for encryption.
|
Step 5 | Click Save. |