[IKEv2]
Overview
Configure the IKEv2 settings necessary for generation of common keys used in IPsec SA communication.
Tips
- Be sure to set at least one Diffie-Hellman Group.
- Even if the priority order is different, the registered Diffie-Hellman Groups cannot be duplicated.
Setting Items
Setting item | Description | |
|---|---|---|
[Local Authentication Method] | [Pre-Shared Key] | Sets the IKEv2 Local authentication method used for IPsec SA. |
[Digital Signature] | ||
[ESN] | [Enable] | Enables the ESN used for IPsec SA. Transfers a large volume of data at high speed, which minimizes the burden on the system. |
[Invalid] | Disables the ESN used for IPsec SA. | |
[Repley Detection] | [Enable] | Enables Replay Detection used in IPsec SA. Detects replay attacks and increases the security level. |
[Invalid] | Disables Replay Detection used in IPsec SA. | |
[Peer Authentication Method] | [Pre-Shared Key] | Set the authentication method of the other party to communicate using IKE. |
[Digital Signature] | ||
[Pre-Shared Key/Digital Signature] | ||
[ESP Encryption Algorithm]*1 | [AES-CBC] | Set the encryption algorithm used for ESP encryption. Set key length* when any of the following is selected.
*: Value that indicates the size of data (encryption key) used in encryption and decoding |
[3DES-CBC] | ||
[NULL] | ||
[AES-CTR] | ||
[AES-GCM-64] | ||
[AES-GCM] | ||
[ENC-NULL-AES-GMAC] | ||
[ESP Authentication Algorithm] | [SHA-1] | Set the authentication algorithm*1 used for ESP authentication. Set the length of the hash value*2 when [SHA-2] is selected. For details, refer to Setting Procedure (Setting [ESP Authentication Algorithm]). *1: Hash function *2: Value generated from source data (return value of the hash function) |
[SHA-2] | ||
[AES-XCBC] | ||
[AH Authentication Algorithm]*2 | [SHA-1] | Set the authentication algorithm*1 used for AH authentication. Set the length of the hash value*2 when [SHA-2] is selected. For details, refer to Setting Procedure (Setting [AH Authentication Algorithm]). *1: Hash function *2: Value generated from source data (return value of the hash function) |
[SHA-2] | ||
[AES-XCBC] | ||
[Perfect Forward Secrecy] | [ON] | Uses Perfect Forward Secrecy in IPsec SA. The IKE strength increases. |
[OFF] | Does not use Perfect Forward Secrecy in IPsec SA. | |
[Diffie-Hellman Group]*3 | [Priority 1] to [Priority 4] | Set Diffie-Hellman Group used to generate the common key required for communication for each priority order. Diffie-Hellman: Method of handing over common key used in common key encryption method. |
[OFF] | Does not use Diffie-Hellman Group. | |
*1 to *3: The following settings are required to use this function.
*1: Set [Security Protocol] to [ESP].
*2: Set [Security Protocol] to [AH].
*3: Set [Perfect Forward Secrecy] to [ON].
Setting Procedure (Setting [ESP Encryption Algorithm])
When [AES-CBC], [AES-CTR], [AES-GCM-64], [AES-GCM], or [ENC-NULL-AES-GMAC] is selected, set the AES key length.
1
Select [AES-CBC], [AES-CTR], [AES-GCM-64], [AES-GCM], or [ENC-NULL-AES-GMAC].
The setting screen is displayed.
2
Press [ON] or [OFF].
3
Select the key length when [ON] is selected.
4
Press [OK].
Setting Procedure (Setting [Diffie-Hellman Group])
1
Select [Priority 1].
The setting screen is displayed.
2
Select Diffie-Hellman Group.
3
Press [OK].
4
To set multiple Diffie-Hellman Groups, select [Priority 2] or later.
The setting screen is displayed.
5
Select Diffie-Hellman Group.
If you select [OFF], Diffie-Hellman Group is not set.
6
Press [OK].
in the upper-right of a page, it turns into 
and is registered as a bookmark.