x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF

Technical Support

Need help?

 

How can I configure the IKE I and IKE II phase policies in Panda GateDefender Integra?

Information applies to:

Products
Panda GateDefender Integra 100
Panda GateDefender Integra 300 

IKE (Internet Key Exchange) is the protocol that allows the exchange and management of keys and other parameters securely during initial negotiation, between the parties implied in the IPSec tunnel. The policies defined by the IKE protocol are configured through the Panda GateDefender Integra console.

 

Instructions to create and modify policies in Phase I (IKE I):

  1. Go to the Panda GateDefender Integra administration console.
  2. Click on VPN in the panel on the left.

    Then select VPN management, and then IPSec VPN management.
  3. Click on the IKE phase I tab, at the top of the window, to define the policies of this phase.

    When you click on Add, a new policy will be added, which will be defined by the following parameters:

    • Name: Descriptive name of the policy.
    • Force algorithms: Use the checkbox to force algorithms in the policy.
    • Encryption: Type of algorithms to be used for the encryption. Three drop-down menus are enabled with all available encryptions.
    • Authentication: Type of algorithms to be used for the authentication. Three drop-down menus are enabled with all available authentications.
    • DH method: Diffie-Hellman method to be used in the policy. These are different algorithms for exchanging keys. The difference between the different DH groups is based on the length of the prime numbers applied in the calculations. So, there are groups 1, 2 and 5 that use prime numbers of 768, 1024 and 1536 bits respectively. A drop-down menu is enabled with all available encryptions. For security reasons it is advisable to use at least group 2.
    • Key lifespan: This parameter is optional. When enabling the corresponding checkbox, you can specify if it will be necessary to renew the key after a given number of seconds.

If you want to alter the data related to any policy in the list, select it and click on Modify. If you want to delete it, select it and click on Remove.

 

Instructions to create and modify policies in Phase II (IKE II):

  1. Go to the Panda GateDefender Integra administration console.
  2. Click on VPN in the panel on the left.

    Then select VPN management, and then IPSec VPN management.
  3. Click on the IKE phase II tab, at the top of the window, to define the policies of this phase.

    When you click on Add, a new policy will be added, which will be defined by the following policies:

    • Name: Descriptive name of the policy.
    • Force algorithm: Use the checkbox to force algorithms in the policy.
    • Encryption: Type of algorithms to be used for the encryption. Three drop-down menus are enabled with all available encryptions.
    • Authentication: Type of algorithms to be used for the authentication. Three drop-down menus are enabled with all available authentications.
    • PFS  (Perfect Forward Secrecy): Maximum confidentiality in forwarding. With PFS, use of the key exchange protocol does not compromise security of the keys previously negotiated because the exchange of the DH keys is carried out separately for each of the negotiated SAs. Use the drop-down menu to select the option you want.
    • Key renewal: This parameter is optional. When enabling the corresponding checkbox, you can specify if it will be necessary to renew the key after a given number of seconds.

If you want to enter a new policy, click on the Add button. If you want to alter the data related to any policy in the list, select it and click on Modify. If you want to delete it, select it and click on Remove.

 

NOTE: IKE operates on UDP (port 500), and it is therefore essential to define the rules in the firewall to allow IKE packet traffic.

 

Additional information

For more information about the IKE I and IKE II phase policies, click here.

Help nº- 20070702 31422 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT