IKEv2 configuration task list
Determine the following parameters prior to IKEv2 configuration:
The strength of the algorithms for IKEv2 negotiation, including the encryption algorithms, integrity protection algorithms, PRF algorithms, and DH groups. Different algorithms provide different levels of protection. A stronger algorithm means better resistance to decryption of protected data but requires more resources. Typically, the longer the key, the stronger the algorithm.
The local and remote identity authentication methods.
To use the pre-shared key authentication method, you must determine the pre-shared key.
To use the RSA digital signature authentication method, you must determine the PKI domain for the local end to use. For information about PKI, see "Configuring PKI."
To configure IKEv2, perform the following tasks:
Tasks at a glance | Remarks |
---|---|
(Required.)Configuring an IKEv2 profile | N/A |
(Required.) Configuring an IKEv2 policy | N/A |
(Optional.) Configuring an IKEv2 proposal | If you specify an IKEv2 proposal in an IKEv2 policy, you must configure the IKEv2 proposal. |
Required when either end or both ends use the pre-shared key authentication method. | |
Configure global IKEv2 parameters
| The cookie challenging feature takes effect only on IKEv2 responders. |