Installation guide

ManualsBrandsMotorola ManualsComputer equipmentRFS7000 Series

331

332

333

334

335

336

337

338

339

340

Switch Security

6-47

a. Configure a set of attributes for the new IKE policy:

b. Refer to the Status field for the current state of the requests made from applet. This field

displays error messages if something goes wrong in the transaction between the applet and

the switch.

c. Click OK to use the changes to the running configuration and close the dialog.

d. Click Cancel to close the dialog without committing updates to the running configuration.

6.7.3 Viewing SA Statistics

A security association (SA) is a description of how two peers employ a security technique to interoperate

securely. IKE requires SAs to identify connection attributes. IKE can negotiate and establish its own SA. An IKE

SA is used by IKE only, and is bi-directional.

To view SA statistics:

1. Select Security > IKE Settings from the main menu tree.

Priority Define the priority for the IKE policy. The available range is from 1 to 65,543,

with 1 being the highest priority value.

Encryption Set the encryption method used to protect the data transmitted between

peers. Options include:

• DES 56-bit DES-CBC. The default value.

• 3DES - 168-bit Triple DES.

• AES - 128-bit AES.

• AES 192 - 192-bit AES.

• AES 256 - 256-bit AES.

Hash Value Define the hash algorithm used to ensure data integrity. The hash value

validates a packet comes from its intended source and has not been modified

in transit. Options include:

• SHA - The default value.

• MD5 - MD5 has a smaller digest and is somewhat faster than SHA-1.

Authentication Type Set the authentication scheme used to validate the identity of each peer. Pre-

shared keys do not scale accurately with a growing network but are easier to

maintain in a small network. Options include:

• Pre-shared Key - Uses pre-shared keys.

• RSA Signature- Uses a digital certificate with keys generated by the RSA

signatures algorithm.

SA Lifetime Define an integer for the SA lifetime. The default is 60 seconds. With longer

lifetimes, security defines future IPSec security associations quickly.

Encryption strength is great enough to ensure security without using fast

rekey times. Motorola recommends using the default value.

DH Group Set the Diffie-Hellman group identifier. IPSec peers use the defined value to

derive a shared secret without transmitting it to one another.