Cisco ESW-540-48 Administration Guide - Page 152
Configuring VPN, Configuring the IKE Policies for IPsec VPN, IPsec VPN Status,
UPC - 882658251351
Page 152 highlights
Configuring VPN
Advanced Configuration of IPsec VPN

• Encryption Algorithm: Choose the algorithm that is used to encrypt the data.
• Integrity Algorithm: Choose the algorithm that is used to verify the integrity of the data.
• PFS Key Group: Check this box to enable Perfect Forward Secrecy (PFS) to improve security. While this option is slower, it ensures that a Diffie-Hellman exchange is performed for every phase-2 negotiation.
• Select IKE Policy: Choose the IKE policy to define the characteristics of phase-1 of the negotiation. See Configuring the IKE Policies for IPsec VPN, page 144.

STEP 7 In the Redundant VPN Gateway Parameters area, enter the following information to create a backup policy for this policy:

• Enable Redundant Gateway for this policy?: Check this box to make a backup policy for this policy. When the tunnel for this policy is down, the backup tunnel automatically becomes active.
• Select Back-up Policy: Choose a policy to act as a backup of this policy. This list includes only those policies that can be configured as backup policies.

NOTE A backup policy should meet the following conditions:
1. The Type should be Auto.
2. The DPD should be enabled.
3. The Direction should be either initiator or both.
4. The XAuth configuration should be None or IPsec Host.
5. The policy should be Gateway only, not client.

• Failback time to switch from back-up to primary: Enter the number of seconds that must pass to confirm that the primary tunnel has recovered from a failure. If the primary tunnel is up for the specified number of seconds, the security appliance will switch to the primary tunnel by disabling the backup tunnel.

STEP 8 Click Apply to save your settings.

NOTE Next steps:
• To view the status of the VPN tunnels, click Status > VPN Status > IPsec Status. For more information, see IPsec VPN Status, page 210.
• To view IPsec VPN logs, click Status > View Logs > IPsec VPN Logs. For more information, see IPsec VPN Logs, page 215.
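The backup-policy conditions and the failback timer described in STEP 7 can be checked offline before a change window. The following Python sketch is an added example, not code from Cisco or from this guide: the `VpnPolicy` fields, the sample policy, and the one-sample-per-second tunnel model (immediate failover, failback after continuous uptime) are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class VpnPolicy:
    # Field names and sample values are constructed for this example.
    name: str
    policy_type: str    # "Auto" or "Manual"
    dpd_enabled: bool
    direction: str      # "initiator", "responder" or "both"
    xauth: str          # e.g. "None", "IPsec Host"
    gateway_only: bool  # False means a client policy

def backup_eligibility(p: VpnPolicy) -> list[str]:
    """Return the NOTE conditions that p fails; an empty list means eligible."""
    checks = [
        (p.policy_type == "Auto", "Type should be Auto"),
        (p.dpd_enabled, "DPD should be enabled"),
        (p.direction.lower() in ("initiator", "both"), "Direction should be initiator or both"),
        (p.xauth in ("None", "IPsec Host"), "XAuth should be None or IPsec Host"),
        (p.gateway_only, "Policy should be Gateway only, not client"),
    ]
    return [msg for ok, msg in checks if not ok]

def active_tunnel_timeline(primary_up: list[bool], failback_seconds: int) -> list[str]:
    """Model which tunnel is active, given one primary-tunnel sample per second.

    Assumption: failover to the backup is immediate once the primary is seen
    down; failback needs failback_seconds consecutive seconds of primary uptime.
    """
    active, stable, timeline = "primary", 0, []
    for up in primary_up:
        if not up:
            active, stable = "backup", 0      # any outage resets the failback timer
        elif active == "backup":
            stable += 1
            if stable >= failback_seconds:
                active, stable = "primary", 0  # primary confirmed recovered
        timeline.append(active)
    return timeline

if __name__ == "__main__":
    candidate = VpnPolicy("site-b-backup", "Manual", False, "responder", "IPsec Host", True)
    for problem in backup_eligibility(candidate):
        print("not eligible:", problem)
    # Primary flaps at second 5, so the 3-second failback timer restarts.
    flapping = [True, False, False, True, True, False, True, True, True, True]
    print(active_tunnel_timeline(flapping, failback_seconds=3))
```

In this model a primary tunnel that flaps before the failback time elapses keeps traffic on the backup, which is the behavior the failback setting exists to provide; a very short failback time weakens that protection.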
Cisco SA500 Series Security Appliances Administration Guide 152