Network Security Management Administration Guide

VPN Topology > IPsec VPN Topology > Security Associations
Table of Contents

Security Associations

Security Association (SA) is an agreement between two IPsec peers or endpoints. The Security Association contains all the information required for the two peers to exchange data securely. In particular IKE Security Associations are used to specify the type of authentication and which group to use.

To add security association

  1. Click Add to add new security association.

  2. There are 3 screens to add the association. Click Save after each screen to proceed or Cancel to exit.

  3. Basic - Enter the information in each screen :
    1. Security Association Name - Input a name to identify the security association

    2. Authentication Method- Choose an authentication method to establish a secure IPSec VPN.

      • IKE Using shared secret key - Selecting this option requires you to use IKE Phase 1 and 2.

      • Manual Key - Selecting this option opens IPSec SA options.

      • Certificates - Selecting this option lets you select local certificates for individual devices when creating a VPN Topology.

    3. Shared Secret Key - Password for the VPN gateway.
  4. IKE Phase 1
    1. Exchange Mode - Choose the mode.
    2. Authentication - Choose the authentication.
    3. Encryption - Choose the encryption.
    4. DH Group - Choose the DH group.
    5. LifeTime - Enter IKE Phase 1 Lifetime in seconds between 120 to 9999999.
  5. IKE Phase 2
    1. Protocol - Choose the protocol.
    2. Authentication - Choose the authentication.
    3. Encryption - Choose the encryption.
    4. Enable Perfect Forward Security - Check the box to enable or disable perfect forward security.
    5. LifeTime - Enter IKE Phase 2 Lifetime in seconds between 120 to 9999999.