Home >Documents >Security Tutorial v3.1.1 > 2. Operation > 2.2. Managed Firewall / Managed UTM Version2 > 2.2.13. IPsec Settings >2.2.13.2. IPsec Setting

2.2.13.2. IPsec Setting

Define parameters to be used for IPsec function.
Choose the encryption / authentication method to create a VPN tunnel with the other device.

2.2.13.2.1. IPsec Initial Settings

In default setting, any IPsec is not defined. Please set it according to customer's environment.

2.2.13.2.2. IPsec Setting items

Following are setting items of a Phase1 for IPsec Settings as described below:

Items

Values

Descriptions
Tunnel

(Auto-Assign)

Tunnel name Tunnel [1-15] is automatically added in order of creation. It can not be edited.

Name

(Blank when newly added) (When editing and duplicating, tunnel name)

The automatically assigned tunnel name is displayed. It can not be edited.

Interface

Port [ 4 - 10 ]

Select the interface to be associated with the Tunnel to be created.
Proposal [aes128-sha256]、[aes192-sha256]、[aes256-sha256]、[aes128-sha384]、[aes192-sha384]、[aes256-sha384]、[aes128-sha512]、[aes192-sha512]、[aes256-sha512]
Select Proporsal to use for Phase 1.
Multiple selections possible. Up to 9 Proposal can be selected.
DH Group

[14], [15], [16], [17], [18], [19], [20], [21], [27], [28], [29], [30], [31] ]
Select the DH group to be used in Phase 1.
Multiple selections possible. Up to 3 DH Group can be selected.
Remote Gateway xxx.xxx.xxx.xxx

Input the IP address of the opposite interface with decimal notation.
Pre Shared Key

(Half-width alphabetic characters & half-width numbers/symbol)
Input the key common to the other device.
Minimum 6 characters / maximum of 128 characters can be entered.
Any two-byte characters, such as Japanese, and the following signs are unavailable.
'"? (Backslash) Space (blank)

Note

  • When multiple Proposal and DH Groups are selected, they are used in negotiation in the order in which they are set.

  • When IPsec VPN is used via the Internet, it is necessary to assign Global IP Address to Interface of Managed FW / UTM.


Following are setting items of a Phase2 for IPsec Settings as described below:

Items

Values

Descriptions
Proposal [aes128-sha256]、[aes192-sha256]、[aes256-sha256]、[aes128-sha384]、[aes192-sha384]、[aes256-sha384]、[aes128-sha512]、[aes192-sha512]、[aes256-sha512]
Select Proporsal to use for Phase 2.
Multiple selections possible. Up to 9 Proposal can be selected.
DH Group

[14], [15], [16], [17], [18], [19], [20], [21], [27], [28], [29], [30], [31] ]
Select the DH group to be used in Phase 2.
Multiple selections possible. Up to 3 DH Group can be selected.

Note

  • When multiple Proposal and DH Groups are selected, they are used in negotiation in the order in which they are set.


Other setting items are as follows.

Items

Values

Descriptions
Comment

(Half-width alphabetic characters & half-width numbers)

Input the comments as necessary. You can not use the two-byte characters such as Japanese, within 225 words.


2.2.13.2.3. IPsec Setting Addition

1.Click IPsec Setting from the object screen on the left side of the screen.
Object ‣ IPsec VPN ‣ IPsec Setting

Click [Add] on the IPsec Setting screen on the right side of the screen.
Ipsec Setting Add

2.Click [ Save ] after you input the setting value.
For details of setting items, refer to Setting Items : IPsec.
Ipsec Setting Parameter

3.Click [Apply configuration] to apply the settings to the device.
変更の保存

Note

  • Be sure to perform [Apply configuration] of the IPsec Setting object before setting ": doc:` 4902 _ ipsec_routing` ": doc:` 4903 _ ipsec_policy` ".

  • The status of IPsec can be confirmed with ": doc:` 4007 _ ipsec_status_view``.



2.2.13.2.4. IPsec Setting Change (Update / Copy / Delete)

1.Click IPsec Setting from the object screen on the left side of the screen.
Object ‣ IPsec VPN ‣ IPsec Setting

Select the target changed change at the right-side of IPsec Setting screen, then clikc either button which you intend to operate.
Ipsec Setting Change

Following describes respective buttons of IPsec Setting.

Buttons

Descriptions

Edit

Modify the value at IPsec Setting that has already been set.

Duplicate
The tunnel name Tunnel [1-15] is automatically newly added and the object setting screen with the same value as the original setting is opened.
This is useful for you to define the another IPsec Setting with the same value.

Remove

Remove your selected IPsec Setting .

When you deleting one , the confirmation message will display. Please click [OK] to finally execute its deletion.
Ipsec Setting Change

Note

  • You can NOT remove any object, which has been utilizing at a IPsec Routing/Policy.


2.Click [Apply configuration] to apply the settings to the device.
変更の保存

Note

  • Be sure to perform [Apply configuration] of the IPsec Setting object before setting ": doc:` 4902 _ ipsec_routing` ": doc:` 4903 _ ipsec_policy` ".

  • The status of IPsec can be confirmed with ": doc:` 4007 _ ipsec_status_view``.


2.2.13.1. Basic Settings of IPsec
2.2.13.3. IPsec Routing