Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-651

391

392

393

394

395

396

397

398

399

400

Dell PowerConnect W-Series ArubaOS 6.1 | User Guide Virtual Private Networks | 399

2. Enter a number into the Priority field to set the priority for this policy. Enter a priority to 1 for the

configuration to take priority over the Default setting.

3. Select the IKE version. Click the Version drop-down list and select V2 for IKEv2.

4. Set the Encryption type. Click the Encryption drop-down list and select one of the following encryption

types.

 DES

 3DES

 AES128

 AES192

 AES256

5. Set the HASH function. Click the Hash drop-down list and select one of the following hash types.

 MD5

 SHA

 SHA1-96

 SHA2-256-128

 SHA2-384-192

6. ArubaOS VPNs support IKEv2 client authentication using RSA digital certificates, or Elliptic Curve Digital

Signature Algorithm (ECDSA) certificates. To set the authentication type for the IKE rule, click the

Authentication drop-down list and select one of the following types:

 RSA

 ECDSA-256

 ECDSA-384

7. Diffie-Hellman is a key agreement algorithm that allows two parties to agree upon a shared secret, and is used

within IKE to securely establish session keys. To set the Diffie Hellman Group for the ISAKMP policy, click

the Diffie Hellman Group drop-down list and select one of the following groups:

 Group 1: 768-bit Diffie Hellman prime modulus group.

 Group 2: 1024-bit Diffie Hellman prime modulus group.

 Group 19: 256-bit random Diffie Hellman ECP modulus group.

 Group 20: 384-bit random Diffie Hellman ECP modulus group.

8. Set the Pseudo-Random Function (PRF) value. This algorithm is an HMAC function to used to hash certain

values during the key exchange.

 PRF-HMAC-MD5

 PRF-HMAC-SHA1

 PRF-HMAC-SHA256

 PRF-HMAC-SHA384

9. Set the Security Association Lifetime to define the lifetime of the security association, in seconds. The

default value is 7200 seconds. To change this value, uncheck the default checkbox and enter a value from 300

to 86400 seconds.

10. Click Done to activate the changes, and return to the previous window

Set the IPsec Dynamic Map

Dynamic maps enable IPsec SA negotiations from dynamically addressed IPsec peers. ArubaOS has a predefined

IPsec dynamic maps for IKEv2. If you do not want to use of these predefined maps, you can use the procedures

below to edit an existing map or create your own custom IPsec dynamic map instead.