The IPsec system maintains two databases: the Security Policy Database (SPD), which defines whether to apply IPsec to a
packet and specifies which IPsec-SA is applied and how, and the Security Association Database (SAD), which contains the
key of each IPsec-SA.
A Security Association (IPsec-SA) must be established between two peers before IPsec communication can take place. It
can be established through manual or automated configuration.
Note: the router starts establishing the tunnel when data is sent from the router to the remote site over the tunnel.
For automatic tunnel establishment, use the tunnel Keep Alive feature.
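How the SPD, the SAD and on-demand tunnel establishment fit together for an outgoing packet, as an added sketch that is not the router's own code. The PROTECT/BYPASS/DISCARD action names come from RFC 4301; the networks, SPI and key are constructed sample values, and looking up the SA by equal selectors is a simplification.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:                 # SPD entry: traffic selector plus action
    src_net: str
    dst_net: str
    action: str               # PROTECT, BYPASS or DISCARD (RFC 4301 terms)

@dataclass
class SA:                     # SAD entry: parameters and key of one IPsec-SA
    spi: int
    src_net: str
    dst_net: str
    key: bytes

def covers(net, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def outbound(spd, sad, src, dst):
    """Decide what happens to a packet leaving the router; returns (decision, sa)."""
    policy = next((p for p in spd
                   if covers(p.src_net, src) and covers(p.dst_net, dst)), None)
    if policy is None:
        return ("DISCARD", None)          # model assumption: no policy means drop
    if policy.action != "PROTECT":
        return (policy.action, None)
    for sa in sad:                        # simplified: SA found by equal selectors
        if (sa.src_net, sa.dst_net) == (policy.src_net, policy.dst_net):
            return ("ENCRYPT", sa)
    return ("NEGOTIATE", None)            # no SA yet: first packet triggers IKE

# Constructed sample data: LAN 192.168.1.0/24 behind the router, remote 10.0.0.0/24.
SPD = [
    Policy("192.168.1.0/24", "10.0.0.0/24", "PROTECT"),
    Policy("192.168.1.0/24", "0.0.0.0/0", "BYPASS"),
]
SAMPLE_SA = SA(0x1001, "192.168.1.0/24", "10.0.0.0/24", bytes(32))  # placeholder key

if __name__ == "__main__":
    print(outbound(SPD, [], "192.168.1.10", "10.0.0.5"))           # before IKE
    print(outbound(SPD, [SAMPLE_SA], "192.168.1.10", "10.0.0.5"))  # SA installed
    print(outbound(SPD, [], "192.168.1.10", "198.51.100.7"))       # internet traffic
    print(outbound(SPD, [], "172.16.0.5", "10.0.0.5"))             # unknown source
```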
| | Field name | Value | Explanation |
|---|---|---|---|
| 1. | Enable | Enabled/Disabled | Check box to enable IPSec. |
| 2. | IKE version | IKEv1 or IKEv2 | Method of key exchange |
| 3. | Mode | “Main” or “Aggressive” | ISAKMP (Internet Security Association and Key Management Protocol) phase 1 exchange mode |
| 4. | My identifier type | Address, FQDN, User FQDN | Choose one according to your IPSec configuration |
| 5. | My identifier | | Set the device identifier for IPSec tunnel. In case RUT has Private IP, its identifier should be its own LAN network address. In this way, the Road Warrior approach is possible. |
| 6. | Dead Peer | Enabled/Disabled | The values clear, hold and restart all active DPD |