IPsec policies

Internet Protocol Security (IPsec) profiles specify a set of encryption and authentication settings for an Internet Key Exchange (IKE). You can use profiles when setting up IPsec or L2TP connections. The default set of profiles supports some commonly used VPN deployment scenarios.

  • To duplicate a profile, click .

General settings

Key exchange
Internet Key Exchange (IKE) version to use. IKEv2 requires less bandwidth than IKEv1 and has EAP authentication and NAT traversal included, among other improvements.
Authentication mode
Mode to use for exchanging authentication (phase 1) information.
Key negotiation tries
Maximum number of key negotiation trials.
Allow re-keying
Allow the negotiation to be initiated automatically by either peer before the current key expires.
Pass data in compressed format
Pass data in compressed format to increase throughput.
SHA2 with 96-bit truncation
Available only for IKEv1. Enable truncation of SHA2 to 96 bits.

Phase 1

Key life
Lifetime of the key, in seconds.
Re-key margin
Time, in seconds, of the remaining life of the key after which the negotiation process should be re-attempted.
Randomize re-keying margin by
Factor by which the re-keying margin is randomized.
DH group
Diffie–Hellman group to use for encryption.
Algorithm combinations
Combination of encryption and authentication algorithms to use to ensure the integrity of the data exchange.

Phase 2

PFS group
Perfect Forward Secrecy group (Diffie–Hellman group) to use to force a new key exchange for each phase 2 tunnel.
Key life
Lifetime of the key, in seconds.
Algorithm combinations
Combination of encryption and authentication algorithms to use to ensure the integrity of the data exchange.

Dead peer detection

Dead peer detection
Check at specified interval to see whether peer is active.
Check peer after every
Interval, in seconds, at which peer is checked.
Wait for response up to
Time, in seconds, to wait for a peer response.
Action when peer unreachable
Action to take when peer is determined to be inactive.