
IKE Proposals

An Internet Key Exchange (IKE) proposal defines a set of parameters used to establish a secure bidirectional connection across an untrusted medium, such as the Internet. IKE proposals defined in NetBox can be referenced by IKE policies, which are in turn employed by IPSec profiles.

Note

Some platforms refer to IKE proposals as ISAKMP, a framework for authentication and key exchange that employs IKE.

Fields

Name

The unique user-assigned name for the proposal.

Authentication Method

The strategy employed for authenticating the IKE peer. Available options are listed below.

Name
Pre-shared key
Certificate
RSA signature
DSA signature

Encryption Algorithm

The protocol employed for data encryption. Options include DES, 3DES, and various flavors of AES.

Authentication Algorithm

The mechanism employed to ensure data integrity. Options include MD5 and SHA HMAC implementations. Specifying an authentication algorithm is optional, as some encryption algorithms (e.g. AES-GCM) provide authentication natively.

Group

The Diffie-Hellman group supported by the proposal. Group IDs are managed by IANA.

SA Lifetime

The maximum lifetime for the IKE security association (SA), in seconds.
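
The fields above can be checked against a cipher baseline before proposals are pushed to devices. The following is an added example, not code from NetBox or its documentation; the dictionary keys, value slugs such as 3des-cbc, and the weak-parameter sets and lifetime ceiling are assumptions chosen for illustration and should be replaced with your own policy.

```python
# Added example: audit IKE proposal records for weak parameters.
# Field names and value slugs are assumptions modelled on this page's fields.
WEAK_ENCRYPTION = ("des", "3des")  # assumed local policy
WEAK_INTEGRITY = ("md5",)          # assumed local policy
WEAK_DH_GROUPS = {1, 2, 5}         # assumed local policy (IANA group IDs)
MAX_SA_LIFETIME = 86400            # assumed local ceiling, in seconds


def audit_proposal(p):
    """Return a list of findings for one proposal dict."""
    findings = []
    enc = (p.get("encryption_algorithm") or "").lower()
    auth = (p.get("authentication_algorithm") or "").lower()
    aead = "gcm" in enc  # AES-GCM provides authentication natively

    if enc.startswith(WEAK_ENCRYPTION):
        findings.append(f"weak encryption: {enc}")
    if not auth and not aead:
        findings.append("no authentication algorithm with a non-AEAD cipher")
    if any(w in auth for w in WEAK_INTEGRITY):
        findings.append(f"weak authentication algorithm: {auth}")
    if p.get("group") in WEAK_DH_GROUPS:
        findings.append(f"weak Diffie-Hellman group: {p['group']}")
    lifetime = p.get("sa_lifetime")
    if lifetime is None:
        findings.append("SA lifetime not set")
    elif lifetime > MAX_SA_LIFETIME:
        findings.append(f"SA lifetime {lifetime}s exceeds {MAX_SA_LIFETIME}s")
    return findings


def audit(proposals):
    """Map proposal name -> findings, omitting proposals with none."""
    return {p["name"]: f for p in proposals if (f := audit_proposal(p))}


# Constructed sample records (not exported from a real NetBox instance).
SAMPLE = [
    {"name": "legacy-branch", "encryption_algorithm": "3des-cbc",
     "authentication_algorithm": "hmac-md5", "group": 2, "sa_lifetime": 172800},
    {"name": "dc-core", "encryption_algorithm": "aes-256-gcm",
     "authentication_algorithm": None, "group": 19, "sa_lifetime": 28800},
    {"name": "no-integrity", "encryption_algorithm": "aes-128-cbc",
     "authentication_algorithm": None, "group": 14, "sa_lifetime": None},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

The AES-GCM record passes without an authentication algorithm, matching the optional-field rule described under Authentication Algorithm, while the CBC record without one is flagged.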