Skip header
 

Security Association

This machine uses encryption key exchange as the key setting method. With this method, agreements such as the IPsec algorithm and key must be specified for both sender and receiver. Such agreements form what is known as an SA (Security Association). IPsec communication is possible only if the receiver's and sender's SA settings are identical.

The SA settings are auto configured on both parties' machines. However, before the IPsec SA can be established, the ISAKMP SA (Phase 1) settings must be auto configured. When this is done, the IPsec SA (Phase 2) settings, which allow actual IPsec transmission, will be auto configured.

Also, for further security, the SA can be periodically auto updated by applying a validity period (time limit) for its settings. This machine only supports IKEv1 for encryption key exchange.

Multiple settings can be configured in the SA.

Settings 1-10

You can configure ten separate sets of SA details (such as different shared keys and IPsec algorithms).

IPsec policies are searched through one by one, starting at [No.1].