Filter
Top Products
25-65
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 25 Configuring IKE and IPsec Policies
Configuring IKEv2 Authentication in Site-to-Site VPNs
Field Reference
Table 25-14 IKEv2 Authentication Policy
Element Description
Global IKEv2 Authentication Settings Tab
Key Specification Use a preshared key for authentication in the VPN. Configure one of the
following:
• User Defined—Enter the desired global key and enter it again in
the Confirm field. The key can be 1 to 128 characters.
• Auto Generated—Have Security Manager generate a key for you.
Specify the following options to indicate how the key should be
generated:
–
Key Length—The length of the key that should be generated,
from 1 to 128.
–
Same Keys for All Tunnels—Select this option to generate
the same keys for all tunnels in the VPN. If you do not select
this option, different keys or pair of keys (if you select Same
Key for Tunnel Endpoints) are used for each tunnel.
–
Same Key for Tunnel Endpoints—Select this option to
generate the same key on each end of each tunnel within the
VPN. If you do not select this option, different keys are
generated on each end of the tunnel.
–
Regenerate Key (On Next Deployment)—Select this option
to generate new keys for the next deployment to the devices.
This allows you to easily re-key the VPN.
After a successful deployment, this check box is cleared so that
keys are not regenerated on the subsequent deployment. Select
the option each time you want to re-key the VPN.
PKI Specification The name of the PKI enrollment policy object that defines the trustpoint
for IKEv2 connections. A trustpoint represents a Certificate Authority
(CA)/identity pair and contains the identity of the CA, CA-specific
configuration parameters, and an association with one enrolled identity
certificate. Click Select to select the PKI enrollment object or to create
a new object.