AutoKey IKE Gateway Configuration

You can configure a remote gateway for an AutoKey IKE VPN tunnel. The configured gateway appears in the list of predefined remote gateways when you configure the AutoKey IKE VPN tunnel. (See AutoKey IKE VPN Tunnel Configuration.)

To Configure an AutoKey IKE Gateway

  1. Gateway Name: Enter the name of the VPN tunnel you want to create.  You can use up to a maximum of 32 characters.

  2. Security Level: Setting a security level is an alternative to setting Phase 1 and Phase 2 proposals. By selecting a security level, ScreenOS automatically applies the proposals predefined for that security level. Select one of the following security levels:

Standard: The predefined Phase 1 proposals for the Standard security level are pre-g2-aes128-sha and pre-g2-3des-sha.

Compatible: The predefined Phase 1 proposals for the Compatible security level are pre-g2-3des-sha, pre-g2-3des-md5, pre-g2-des-sha, and pre-g2-des-md5.

Basic: The predefined Phase 1 proposals for the Low security level are pre-g1-des-sha, and pre-g1-des-md5.

Custom: Select this option if you want to define your own proposals. You can define the proposals on the advanced configuration page.

  1. Remote Gateway Type: Select one of the following types:  

Static IP Address: Select this option and enter the fixed IP address or hostname (or hostname + domain name) of the remote gateway.

Dynamic IP Address: Select this option and enter the Peer ID of the Dynamic IP Address. This can be an e-mail address, a fully qualified domain name (FQDN), or an IP address.

Dialup User: Select this option and select a dialup user from the drop-down list.

Dialup User Group: Select this option and select a dialup user group from the drop-down list.

  1. Preshared Key: Enter the same ASCII value that the user will be entering at the other end.

Use As Seed: Select this option to use the preshared key as the seed value.

  1. Local ID: (Required only for certificates) Enter the e-mail address, fully qualified domain name (FQDN), or IP address that appears in the certificate that you want the remote gateway to use for authentication.

  2. Outgoing Interface: Select the interface that you want to use to terminate the VPN tunnel on the local device.

  3. Click OK to save your settings.

  4. Click Advanced to complete the AutoKey IKE VPN configuration. For more information, see AutoKey IKE Gateway Advanced Configuration.