Define Cryptographic Profiles
A cryptographic profile specifies the ciphers used for authentication and/or encryption
between two IKE peers, and the lifetime of the key. The time period between each renegotiation
is known as the lifetime; when the specified time expires, the firewall renegotiates a new set
of keys.
For securing communication across the VPN tunnel, the firewall requires IKE and IPSec
cryptographic profiles for completing IKE phase-1 and phase-2 negotiations, respectively. The
firewall includes a default IKE Crypto profile and a default IPSec Crypto profile that are
ready for use. If you
don't want to use the default IKE or IPSec profiles or compliance suites provided, you can
configure your own IKE or IPSec profile using the configuration steps provided in this
chapter.
The cryptographic profiles (that is, IKE and IPSec profiles) provide information about the
algorithms that are used to authenticate, encrypt, and establish a shared secret between
network sites.
- Define IKE Crypto profiles—The IKE profiles specify the algorithms that are used to authenticate,
encrypt, and establish a shared secret between network sites when you establish an IKE
tunnel. These IKE parameters should match on the remote firewall for the IKE phase 1
negotiation to be successful.
- Define IPSec Crypto profiles—The IPSec profiles specify the algorithms that are used to
authenticate, encrypt, and establish a shared secret between network sites when you
establish an IPSec tunnel. These IPSec parameters should match on the remote firewall for
the IKE phase 2 negotiation to be successful.
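
The matching requirement described above can be checked before a tunnel is brought up. The following is an added example, not code from the firewall vendor or from this chapter: it compares two IKE Crypto profiles category by category and reports where they share no algorithm. The class and field names, the sample profiles, and the rule of picking the first common algorithm in local preference order are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Categories that must share at least one algorithm for phase 1 to succeed.
CATEGORIES = ("dh_group", "authentication", "encryption")

@dataclass(frozen=True)
class IkeCryptoProfile:          # hypothetical model of a profile, not a vendor schema
    name: str
    dh_group: tuple              # each tuple is ordered by local preference
    authentication: tuple
    encryption: tuple
    lifetime_seconds: int

@dataclass
class Comparison:
    selected: dict = field(default_factory=dict)    # category -> first common algorithm
    mismatches: list = field(default_factory=list)  # categories with no overlap
    notes: list = field(default_factory=list)       # differences worth reviewing

    @property
    def compatible(self):
        return not self.mismatches

def compare(local, remote):
    """Check each category for overlap, walking the local list in preference order."""
    result = Comparison()
    for category in CATEGORIES:
        offered = set(getattr(remote, category))
        common = next((alg for alg in getattr(local, category) if alg in offered), None)
        if common is None:
            result.mismatches.append(category)
        else:
            result.selected[category] = common
    if local.lifetime_seconds != remote.lifetime_seconds:
        result.notes.append(
            f"lifetime differs: {local.name}={local.lifetime_seconds}s, "
            f"{remote.name}={remote.lifetime_seconds}s")
    return result

# Constructed sample profiles (not taken from any real device).
HQ = IkeCryptoProfile("hq", ("group20", "group14"), ("sha384", "sha256"),
                      ("aes-256-cbc", "aes-128-cbc"), 28800)
BRANCH = IkeCryptoProfile("branch", ("group14",), ("sha256",), ("aes-256-gcm",), 3600)
BRANCH_FIXED = IkeCryptoProfile("branch-fixed", ("group14",), ("sha256",),
                                ("aes-256-cbc",), 28800)

if __name__ == "__main__":
    for peer in (BRANCH, BRANCH_FIXED):
        r = compare(HQ, peer)
        print(peer.name, "compatible" if r.compatible else f"mismatch in {r.mismatches}",
              r.selected, r.notes)
```
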