Virtual Private Networking Using IPSec and L2TP Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Manage IPSec VPN Policies
• Manage IKE Policies
• Manage VPN Policies
After you have used the VPN Wizard to set up a VPN tunnel, a VPN policy and an IKE policy
are stored in separate policy tables. The name that you selected as the VPN tunnel
connection name during the VPN Wizard setup identifies both the VPN policy and IKE policy.
You can edit existing policies, or manually add new VPN and IKE policies directly in the policy
tables.
Manage IKE Policies
The Internet Key Exchange (IKE) protocol performs negotiations between the two VPN
gateways and provides automatic management of the keys that are used for IPSec
connections. It is important to remember that:
• An automatically generated VPN policy (auto policy) needs to use the IKE negotiation
protocol.
• A manually generated VPN policy (manual policy) cannot use the IKE negotiation
protocol.
IKE policies are activated when the following situations occur:
1. The VPN policy selector determines that some traffic matches an existing VPN policy of
an auto policy type.
2. The IKE policy that is specified in the Auto Policy Parameters section of the Add VPN Policy
screen (see Figure 157 on page 234) for the VPN policy is used to start negotiations with the
remote VPN gateway.
3. An IKE session is established, using the security association (SA) settings that are specified
in a matching IKE policy:
• Keys and other settings are exchanged.
• An IPSec SA is established, using the settings that are specified in the VPN policy.
The VPN tunnel is then available for data transfer.
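The following sketch is an added example, not NETGEAR code or a firewall export format. It models the two policy tables to check the auto/manual rule above and to show which flows would trigger IKE negotiation. The table fields, the sample policies, and the first-match ordering are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class VpnPolicy:                      # hypothetical record, not a device format
    name: str
    policy_type: str                  # "auto" or "manual"
    local_net: str                    # traffic selector: local subnet
    remote_net: str                   # traffic selector: remote subnet
    ike_policy: Optional[str] = None  # name of the IKE policy, if any

# Constructed sample tables.
IKE_TABLE = {"GW1-to-GW2"}
VPN_TABLE = [
    VpnPolicy("GW1-to-GW2", "auto", "192.168.1.0/24", "192.168.2.0/24", "GW1-to-GW2"),
    VpnPolicy("legacy", "manual", "192.168.1.0/24", "10.0.0.0/24"),
    VpnPolicy("branch", "auto", "192.168.1.0/24", "172.16.0.0/16", "branch"),
]

def audit(vpn_policies, ike_names):
    """Report VPN policies that break the auto/manual IKE rule."""
    findings = []
    for p in vpn_policies:
        if p.policy_type == "auto" and p.ike_policy not in ike_names:
            findings.append((p.name, "auto policy has no matching IKE policy"))
        elif p.policy_type == "manual" and p.ike_policy is not None:
            findings.append((p.name, "manual policy must not reference an IKE policy"))
    return findings

def select(vpn_policies, ike_names, src, dst):
    """Steps 1 and 2: match a flow to a policy (first match, an assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in vpn_policies:
        if s in ipaddress.ip_network(p.local_net) and d in ipaddress.ip_network(p.remote_net):
            if p.policy_type != "auto":
                return (p.name, "manual keys, no IKE")
            if p.ike_policy in ike_names:
                return (p.name, "start IKE negotiation using " + p.ike_policy)
            return (p.name, "blocked: IKE policy missing")
    return (None, "no VPN policy matches")

if __name__ == "__main__":
    print(audit(VPN_TABLE, IKE_TABLE))
    for dst in ("192.168.2.5", "10.0.0.7", "172.16.3.4", "8.8.8.8"):
        print(dst, select(VPN_TABLE, IKE_TABLE, "192.168.1.10", dst))
```

The "branch" entry shows the failure mode worth checking for after manual edits: an auto policy whose IKE policy was renamed or deleted matches traffic but can never negotiate a tunnel.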
When you use the VPN Wizard to set up a VPN tunnel, an IKE policy is established and
populated in the List of IKE Policies, and is given the same name as the new VPN connection
name. You can also edit existing policies or add new IKE policies from the IKE Policies screen.
IKE Policies Screen
To access the IKE Policies screen:
Select VPN > IPSec VPN. The IPSec VPN submenu tabs display with the IKE Policies
screen in view. In the upper right of the screen, the IPv4 radio button is selected by default.
The IKE Policies screen displays the IPv4 settings. (The following figure shows some