Справочник Пользователя для D-Link DSR-1000
Unified Services Router
User Manual
93
Figure 56 : IP sec poli cy conf igura tio n
Once the tunnel type and endpoints of the tunn el are defined you can determine the
Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode
setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key
Exchange (IKE) protocol dynamically exchanges k eys between two IPsec hosts. The
Phase 1 IKE parameters are used to define the tunnel‘s security association details.
The Phase 2 Auto policy parameters cover the security association lifetime and
encryption/authentication details of the phase 2 key negot iation.
Phase 1 / Phase 2 negotiation to use for the tunnel. This is covered in the IPsec mode
setting, as the policy can be Manual or Auto. For Auto policies, the Internet Key
Exchange (IKE) protocol dynamically exchanges k eys between two IPsec hosts. The
Phase 1 IKE parameters are used to define the tunnel‘s security association details.
The Phase 2 Auto policy parameters cover the security association lifetime and
encryption/authentication details of the phase 2 key negot iation.
The VPN policy is one half of the IKE/VPN policy pair required to establish an Auto
IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN
endpoints are configured here, along with the policy parameters required to secure the
tunnel
IPsec VPN tunnel. The IP addresses of the machine or machines on the two VPN
endpoints are configured here, along with the policy parameters required to secure the
tunnel