
This object specifies the name of the Internet Key Exchange (IKE) peer database entry. This name identifies an entry in the IKE Peer Database (IPD). The IPD is a list of remote devices that may become IPsec peers. The IPD establishes the authentication and other phase 1 criteria for the peer-to-peer negotiation that eventually produces an IKE Security Association (SA) between this specific peer and the SBC.

To View Peer

On the SBC main screen, navigate to All > Address Context > IPsec > Peer.

You can view the Peers for a single Address Context or for all the Address Contexts created. Use the drop-down box to select the desired Address Context.

The Peer window is displayed.

 


To Edit Peer

To edit a Peer in the list, click the radio button next to the specific Peer name.

The Edit Selected Peer window is displayed.

Make the required changes and click Save.

To Create Peer

To create a new Peer, click the New Peer tab on the Peer List panel.

The Create New Peer window is displayed.

Example 1: When Auth Type = Psk

Example 2: When Auth Type = Rsa Sig

Peer Parameters:

Parameter

Description

Name

The name of the peer you are configuring.

IP Address V4 or V6

The IPv4 or IPv6 address of the peer.

Protocol

The SPD traffic selector IP PROTOCOL. Valid values:

  • Any – Use either version: IKEv1 or IKEv2
  • Ikev1 – Use IKE protocol version 1
  • Ikev2 – Use the enhanced IKE protocol version 2.

Pre Shared Key

Enter the pre-shared secret key to use with this peer.

The SBC accepts the pre-shared key in the following formats:

  • An ASCII string of 32 to 128 case-sensitive alphanumeric characters from the range of 0-9, a-z, space, and A-Z. Example: 1234567890abcdef1234567890ABCDEF.
  • A HEX encoding of an ASCII string of 16-64 case-sensitive alphanumeric characters from the range of 0-9, a-z, space, and A-Z converted into hexadecimal format starting with "0x". Example: 1234567890aBcDeF converted to a hexadecimal format 0x31323334353637383930614263446546.

In either case, the given value represents a "pre-shared secret" between the SBC and the IKE peer. This value is used for mutual authentication during phase 1 negotiation to set up an IKE Security Association.

Ribbon strongly recommends using unpredictable (difficult to guess) values. Use a unique value for each IKE peer. This string is never displayed in plaintext when using the CLI "show" commands.

Auth Type

The authentication method for this peer.

  • Psk (default) – Preshared key
  • Rsa Sig – RSA signature

Local Certificate¹

Choose an available remote certificate from the drop-down menu.

Remote Certificate¹

Choose an available remote certificate from the drop-down menu.

Protection Profile

The name of the IKE protection profile to be applied to the Key management protocol exchange with this peer.

Local Identity

The local identity type that the SBC presents to the peer during phase 1 authentication.

Type

The key management identity type.

  • FQDN
  • IP V4Addr
  • IP V6Addr
  • IP Vx Addr

Domain Name

The local identity domain name. Up to 255 characters are allowed.

¹ The fields Local Certificate and Remote Certificate are displayed only when Auth Type = Rsa Sig.

The IP Vx Addr attribute is not used at this time. If it is present, ignore it.
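
The following Python helper, added here and not part of Ribbon's documentation or software, generates an unpredictable, unique key per peer with the `secrets` module and checks a candidate key against the two Pre Shared Key formats described above. The function names, the 64-character default, and the rule that a leading `0x` selects the hex format are assumptions of this example.

```python
import re
import secrets
import string

# Allowed characters per the page: 0-9, a-z, A-Z and space. Generated keys
# leave the space out (assumption: avoids trimmed leading/trailing blanks).
ALPHABET = string.ascii_letters + string.digits
ASCII_RE = re.compile(r"[0-9A-Za-z ]{32,128}")
INNER_RE = re.compile(r"[0-9A-Za-z ]{16,64}")
HEX_RE = re.compile(r"0x((?:[0-9A-Fa-f]{2}){16,64})")


def classify_psk(value):
    """Return 'ascii', 'hex' or None (rejected) for a candidate key."""
    if value.startswith("0x"):
        # Assumption: a leading 0x always means the hex format.
        m = HEX_RE.fullmatch(value)
        if m is None:
            return None
        decoded = bytes.fromhex(m.group(1)).decode("ascii", errors="replace")
        return "hex" if INNER_RE.fullmatch(decoded) else None
    return "ascii" if ASCII_RE.fullmatch(value) else None


def generate_psk(length=64):
    """Random ASCII-format key drawn from the operating system CSPRNG."""
    if not 32 <= length <= 128:
        raise ValueError("ASCII format needs 32 to 128 characters")
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not key.startswith("0x"):  # would be read as the hex format
            return key


def to_hex_format(ascii_key):
    """Encode a 16-64 character key in the 0x-prefixed hex format."""
    if not INNER_RE.fullmatch(ascii_key):
        raise ValueError("hex format encodes 16 to 64 allowed characters")
    return "0x" + ascii_key.encode("ascii").hex()


def keys_for_peers(peer_names, length=64):
    """Generate an independent key for every peer name."""
    keys = {name: generate_psk(length) for name in peer_names}
    if len(set(keys.values())) != len(keys):
        raise RuntimeError("two peers received the same key")
    return keys
```

Run `classify_psk` on any hand-written key before entering it in the Create New Peer window; a result of `None` means the value matches neither format listed for the Pre Shared Key parameter.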

To Copy Peer

To copy an existing Peer and make minor changes, click the radio button next to the specific Peer to highlight the row.

Click the Copy Peer tab on the Peer List panel.

The Copy Selected Peer window is displayed along with the field details which can be edited. 

Make the required changes to the required fields and click Save to save the changes. The copied Peer is displayed at the bottom of the original Peer in the Peer List panel.

To Delete Peer

To delete a Peer, click the radio button next to the specific Peer that you want to delete.

Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.

Click Yes to remove the specific Peer from the list.