This profile specify an encryption cipher, a maximum time period for maintaining a security association between these peers (the SA "lifetime"), and an antireplay policy. The three profiles are prioritized from one to three for usage with the SPD entry.
To View IPsec Protection Profile
On SBC main screen, go to Configuration > Security Configuration > IPsec Protection Profile. The IPsec Protection Profile window is displayed.
Figure 1: Security Configuration - IPsec Protection Profile
To Edit IPsec Protection Profile
To edit any of the IPsec Protection Profile in the list, click the radio button next to the specific IPsec Protection Profile name.
The Edit Selected IPsec Protection Profile window is displayed below.
Figure 2: Security Configuration - IPsec Protection Profile Edit Window
Make the required changes and click Save at the right hand bottom of the panel to save the changes made.
To Create IPsec Protection Profile
To create a new IPsec Protection Profile, click New IPsec Protection Profile tab on the IPsec Protection Profile List panel.
Figure 3: Security Configuration - IPsec Protection Profile Fields
The Create New IPsec Protection Profile window is displayed.
Figure 4: Security Configuration - IPsec Protection Profile Create Window
The following fields are displayed:
Table 1: IPsec Protection Profile Parameters
Parameter | Description |
---|---|
| The name of the IPsec Protection Profile. |
| The SA Lifetime setting, in seconds. This is the maximum interval that any one Security Association will be maintained before possible re-keying. Must be 1200- 1,000,000, default is 28,800 (seconds). This parameter applies to the IKE SA when it appears in the IKE Protection Profile and to the IPsec SA when it appears in the IPsec Protection Profile. The default value corresponds to 8 hours. |
| Specifies the IPsec Protection Profile SA Lifetime setting in number of bytes. The default value is "unlimited" or enter value in range of (1000..4, 294, 967, 295) number of bytes. |
To Copy IPsec Protection Profile
To copy any of the created IPsec Protection Profile and to make any minor changes, click the radio button next to the specific IPsec Protection Profile to highlight the row.
Click Copy IPsec Protection Profile tab on the IPsec Protection Profile List panel.
Figure 5: Security Configuration - IPsec Protection Profile Fields
The Copy Selected IPsec Protection Profile window is displayed along with the field details which can be edited.
Figure 6: Security Configuration - IPsec Protection Profile Copy Window
The following fields are displayed:
Table 2: IPsec Protection Profile Parameters
Parameter | Description |
---|---|
| The name of the IPsec Protection Profile. |
| The SA Lifetime setting, in seconds. This is the maximum interval that any one Security Association will be maintained before possible re-keying. Must be 1200- 1,000,000, default is 28,800 (seconds). This parameter applies to the IKE SA when it appears in the IKE Protection Profile and to the IPsec SA when it appears in the IPsec Protection Profile. The default value corresponds to 8 hours. |
| Specifies the IPSec Protection Profile SA Lifetime setting in number of bytes. The default value is "unlimited" or enter value in range of (1000..4, 294, 967, 295) number of bytes. |
Esp Algorithms | |
Encryption | The IPsec Protection Profile Encryption Cipher. You can select multiple encryption. Options are:
|
Integrity | The IPsec Protection Profile integrity Cipher. You can select multiple parameters. Options are:
|
Make the required changes to the required fields and click Save to save the changes. The copied IPsec Protection Profile is displayed at the bottom of the original IPsec Protection Profile in the IPsec Protection Profile List panel.
To Delete IPsec Protection Profile
To delete any of the created IPsec Protection Profile, click the radio button next to the specific IPsec Protection Profile which you want to delete.
Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.
Click OK to remove the specific IPsec Protection Profile from the list.