IPsec Setting: SA Setting

Registers Security Associations (SA) used for encrypted communication, edits the registered SA, and deletes the registered SA.

  1. Display the IPsec Setting screen.

    • supplementary explanationThe procedures are the same as Steps 1 to 2 in "IPsec Setting (IKEv1 Setting)."

  2. Click Create in SA.

    • supplementary explanationWhen editing the registered SA, click Edit.

  3. Specify the SA setting.

    • supplementary explanationEnter the name of the SA in the Name field. Up to 10 one-byte characters can be used.

    • supplementary explanationEncapsulation Mode: Select the IPsec operation mode.

    • supplementary explanationTunnel End Point: Enter the IP address of the IPsec gateway used as the peer when Tunnel is selected in Encapsulation Mode.

    • supplementary explanationSecurity Protocol: Select a security protocol.

    • supplementary explanationKey Exchange Method: Select the method that safely generates the common key used for encrypted communication. When using a device that is not compatible with the automatic key exchange by IKE, select Manual Key; you can manually specify detailed parameters.

    • supplementary explanationLifetime After Establishing SA: Set the validity period of the common key generated for encryption of communication. The available range is 600 to 604800 (seconds).

  4. Configure the settings of IKE used for this SA.

    • supplementary explanationSelect the options from the Authentication Method, ESN, and Replay Detection drop-down lists.

    • supplementary explanationIf you have selected IKEv2 for Key Exchange Method. select the authentication method of the machine from Local Authentication Method, and select the method to authenticate the peer from Peer Authentication Method.

    • supplementary explanationSelect the checkboxes of ESP Encryption Algorithm, ESP Authentication Algorithm, and AH Authentication Algorithm to be set. Depending on the selected items, select the key length to be set from the Key Length drop-down list.

    • supplementary explanationTo enable Perfect Forward Secrecy capable of increasing the IKE strength, select the checkbox.

    • supplementary explanationSelect a group from the Diffie-Hellman Group(IKEv1) drop-down list.

    • supplementary explanationSet the priority of Diffie-Hellman Group(IKEv2). Select a group from each drop-down list of Priority1 to Priority4.

  5. If you have selected Manual Key for Key Exchange Method, configure the manual key settings.

    • supplementary explanationSelect an item from a drop-down list for Encryption Algorithm or Authentication Algorithm. Depending on the selected items, select the key length to be set from the Key Length drop-down list.

    • supplementary explanationEnter a value ranging from 256 to 4294967295 in each field of Receiving and Sending in SA Index.

    • supplementary explanationEnter a key in each field of Receiving and Sending in Common Key Encryption. You can enter up to 64 alphanumeric characters.

    • supplementary explanationEnter a key in each field of Receiving and Sending in Common Key Authentication. You can enter up to 64 alphanumeric characters.

  6. Click OK. Clicking Cancel cancels the setting.

  7. Click OK on the setting complete screen.

    The screen returns to the IPsec Setting screen.

  8. When deleting the SA, click Delete.

  9. Click OK on the confirmation screen. Click Cancel to cancel the deletion.

  10. Click OK on the setting complete screen.

    The screen returns to the IPsec Setting screen.