Configure IKEv2 IPsec Proposal Objects

Procedure


Step 1

Choose Objects > Object Management and then VPN > IKEv2 IPsec Proposal from the table of contents.

Previously configured Proposals are listed including system defined defaults. Depending on your level of access, you may Edit Edit (edit icon), View View (View button), or Delete Delete (delete icon) a Proposal.

Step 2

Choose Add (add icon)Add IKEv2 IPsec Proposal to create a new Proposal.

Step 3

Enter a Name for this Proposal

The name of the policy object. A maximum of 128 characters is allowed.

Step 4

Enter a Description for this Proposal.

A description of the policy object. A maximum of 1024 characters is allowed.

Step 5

Choose the ESP Hash method, the hash or integrity algorithm to use in the Proposal for authentication.

Note

FTD does not support IPSec tunnels with NULL encryption. Make sure that you do not choose NULL encryption for IPSec IKEv2 proposal.

For IKEv2, select all the options you want to support for ESP Hash. For a full explanation of the options, see Deciding Which Hash Algorithms to Use.

Step 6

Choose the ESP Encryption method. The Encapsulating Security Protocol (ESP) encryption algorithm for this Proposal.

For IKEv2, click Select to open a dialog box where you can select all of the options you want to support. When deciding which encryption and Hash Algorithms to use for the IPsec proposal, your choice is limited to algorithms supported by the devices in the VPN. For a full explanation of the options, see Deciding Which Encryption Algorithm to Use.

Step 7

Click Save

The new Proposal is added to the list.