Dell 6.2 Server User Manual


 
Configuring IKE Policies
ArubaOS contains several predefined default IKE policies, as described in Table 79. If you do not want to use any of
these predefined policies, you can use the procedures below to edit an existing policy or create your own custom IKE
policy instead.
NOTE: The IKE policy selections need to be reflected in the VPN client configuration. When using a third-party VPN client, set the
VPN configuration on clients to match the choices made above. If the Dell dialer is used, these configuration settings need to be made
on the dialer prior to downloading the dialer onto the local client.
1. Scroll down to the IKE Policies section of the IPSEC tab, then click Edit to edit an existing policy or click Add
to create a new policy.
2. Enter a number into the Priority field to set the priority for this policy. Enter a priority of 1 for the
configuration to take priority over the Default setting.
3. Select the IKE version. Click the Version drop-down list and select V2 for IKEv2.
4. Set the Encryption type. Click the Encryption drop-down list and select one of the following encryption types.
• DES
• 3DES
• AES128
• AES192
• AES256
5. Set the hash function. Click the Hash drop-down list and select one of the following hash types.
• MD5
• SHA
• SHA1-96
• SHA2-256-128
• SHA2-384-192
6. ArubaOS VPNs support IKEv2 client authentication using RSA digital certificates, or Elliptic Curve Digital
Signature Algorithm (ECDSA) certificates. To set the authentication type for the IKE rule, click the
Authentication drop-down list and select one of the following types:
• RSA
• ECDSA-256
• ECDSA-384
7. Diffie-Hellman is a key agreement algorithm that allows two parties to agree upon a shared secret, and is used
within IKE to securely establish session keys. To set the Diffie Hellman Group for the ISAKMP policy, click the
Diffie Hellman Group drop-down list and select one of the following groups:
• Group 1: 768-bit Diffie Hellman prime modulus group.
• Group 2: 1024-bit Diffie Hellman prime modulus group.
• Group 19: 256-bit random Diffie Hellman ECP modulus group.
• Group 20: 384-bit random Diffie Hellman ECP modulus group.
8. Set the Pseudo-Random Function (PRF) value. This algorithm is an HMAC function used to hash certain
values during the key exchange.
• PRF-HMAC-MD5
• PRF-HMAC-SHA1
• PRF-HMAC-SHA256
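
The following is an added example, not part of the Dell/ArubaOS documentation: a short Python check that audits a set of IKE policy selections against the option lists in steps 4 through 8, flags the legacy choices, and reports where a VPN client's settings differ from the policy (the requirement in the NOTE above). The dictionary layout, field names and sample policies are assumptions made for illustration, not an ArubaOS export format.

```python
# Added example: audit IKE policy selections against the option lists on this page.
# The dict layout and field names are assumptions, not an ArubaOS export format.

# Options exactly as listed in steps 4-8.
OPTIONS = {
    "encryption": ["DES", "3DES", "AES128", "AES192", "AES256"],
    "hash": ["MD5", "SHA", "SHA1-96", "SHA2-256-128", "SHA2-384-192"],
    "authentication": ["RSA", "ECDSA-256", "ECDSA-384"],
    "dh_group": ["1", "2", "19", "20"],
    "prf": ["PRF-HMAC-MD5", "PRF-HMAC-SHA1", "PRF-HMAC-SHA256"],
}
# Selections RFC 8247 marks MUST NOT or SHOULD NOT for IKEv2, plus 3DES
# (a legacy 64-bit block cipher).
FLAGGED = {
    "encryption": {"DES": "56-bit key", "3DES": "legacy 64-bit block cipher"},
    "hash": {"MD5": "MD5-based integrity"},
    "dh_group": {"1": "768-bit modulus", "2": "1024-bit modulus"},
    "prf": {"PRF-HMAC-MD5": "MD5-based PRF"},
}

def audit(policy):
    """Return findings for one policy (dict of field -> selected option)."""
    findings = []
    for field, allowed in OPTIONS.items():
        value = str(policy.get(field, ""))
        if value not in allowed:
            findings.append(f"{field}: '{value}' is not an option on this page")
        elif value in FLAGGED.get(field, {}):
            findings.append(f"{field}: {value} flagged ({FLAGGED[field][value]})")
    return findings

def mismatches(policy, client):
    """Fields where the VPN client differs from the controller policy."""
    return sorted(f for f in OPTIONS if str(policy.get(f)) != str(client.get(f)))

# Constructed sample selections (not taken from a real controller or client).
LEGACY = {"encryption": "3DES", "hash": "MD5", "authentication": "RSA",
          "dh_group": "2", "prf": "PRF-HMAC-MD5"}
STRONG = {"encryption": "AES256", "hash": "SHA2-384-192",
          "authentication": "ECDSA-384", "dh_group": "20", "prf": "PRF-HMAC-SHA256"}
CLIENT = dict(STRONG, dh_group="19", authentication="ECDSA-256")

if __name__ == "__main__":
    for name, pol in (("legacy", LEGACY), ("strong", STRONG)):
        print(name, audit(pol) or "no findings")
    print("client differs in:", mismatches(STRONG, CLIENT))
```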
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide | Virtual Private Networks | 281