ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual
Virtual Private Networking 5-17
v1.1, August 2010
Each policy that is listed in the List of IKE Policies table contains the following data:
• Name. Uniquely identifies each IKE policy. The name is chosen by you and used for the
purpose of managing your policies; it is not supplied to the remote VPN Server.
• Mode. Two modes are available: either “Main” or “Aggressive”.
– Main Mode is slower but more secure.
– Aggressive mode is faster but less secure. (If specifying either a FQDN or a User FQDN
name as the Local ID/Remote ID, aggressive mode is automatically selected.)
• Local ID. The IKE/ISAKMP identifier of this device. (The remote VPN must have this value
as their “Remote ID”.)
• Remote ID. The IKE/ISAKMP identifier of the remote VPN gateway. (The remote VPN must
have this value as their “Local ID”.)
• Encr. Encryption Algorithm used for the IKE SA. The default setting using the VPN Wizard is
3DES. (This setting must match the remote VPN.)
• Auth. Authentication Algorithm used for the IKE SA. The default setting using the VPN
Wizard is SHA1. (This setting must match the remote VPN.)
• DH. Diffie-Hellman Group. The Diffie-Hellman algorithm is used when exchanging keys. The
DH Group sets the number of bits. The VPN Wizard default setting is Group 2. (This setting
must match the remote VPN.)
• Enable Dead Peer Detection. Dead Peer Detection is used to detect whether the peer is alive
or not. If the peer is detected as dead, the IPSec and IKE Security Associations are deleted.
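The matching rules in the list above can be checked before a tunnel is brought up. The following is an added example, not part of the original manual or of NETGEAR software: the field names, ID type labels, and sample policies are assumptions, and the rule that both ends use the same mode is general IKE behaviour rather than something this page states.

```python
from dataclasses import dataclass

FQDN_TYPES = {"FQDN", "User FQDN"}  # ID types that force aggressive mode

@dataclass(frozen=True)
class IkePolicy:
    # Hypothetical record mirroring the columns of the List of IKE Policies table.
    name: str        # local label only, never supplied to the remote VPN
    mode: str        # "Main" or "Aggressive" as configured
    local_id: tuple  # (type, value); the type labels are assumed
    remote_id: tuple
    encr: str
    auth: str
    dh: str

def effective_mode(p):
    # A FQDN or User FQDN identifier selects aggressive mode automatically.
    if p.local_id[0] in FQDN_TYPES or p.remote_id[0] in FQDN_TYPES:
        return "Aggressive"
    return p.mode

def mismatches(ours, theirs):
    """Return (field, our value, their value) for every setting that disagrees."""
    checks = [
        # Same mode on both ends: general IKE behaviour, not stated on this page.
        ("mode", effective_mode(ours), effective_mode(theirs)),
        ("local_id", ours.local_id, theirs.remote_id),   # our Local ID is their Remote ID
        ("remote_id", ours.remote_id, theirs.local_id),  # our Remote ID is their Local ID
        ("encr", ours.encr, theirs.encr),
        ("auth", ours.auth, theirs.auth),
        ("dh", ours.dh, theirs.dh),
    ]
    return [c for c in checks if c[1] != c[2]]

# Constructed sample policies for the two ends of one tunnel.
SITE_A = IkePolicy("to-site-b", "Main", ("FQDN", "a.example.com"),
                   ("IP", "203.0.113.2"), "3DES", "SHA1", "Group 2")
SITE_B = IkePolicy("to-site-a", "Main", ("IP", "203.0.113.2"),
                   ("FQDN", "a.example.com"), "3DES", "MD5", "Group 2")

if __name__ == "__main__":
    for field, a, b in mismatches(SITE_A, SITE_B):
        print(f"{field}: local={a!r} remote={b!r}")
```

The policy names differ between the two sites without being reported, because the name is used only for local management.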
To delete one or more IKE policies:
1. Select the checkbox to the left of the policy that you want to delete or click the select all
button to select all IKE policies.
2. Click the delete button.
To add or edit an IKE policy, see “Manually Adding or Editing an IKE Policy” on page 5-18.
Note: You cannot delete or edit an IKE policy for which the VPN policy is active. You
first must disable or delete the VPN policy before you can delete or edit the IKE
policy.
Note: To gain a more complete understanding of the encryption, authentication and
DH algorithm technologies, see the link to “Virtual Private Networking Basics”
on page C-1.