ike policy

Reply
Highlighted
L4 Transporter

ike policy

What part of the configuration on the PA matching what is called the ike policy on the Cisco?

Highlighted
L6 Presenter

Re: ike policy

Hello Infotech,

It can be configured on following location. Let me know if you have further questions.

IKE.PNG

Regard,

Hardik Shah

Highlighted
L7 Applicator

Re: ike policy

Hello Infotech,

Ike policy defines different security parameter you are using for your IKE profile. On PAN firewall it's IKE-crypto.

ike-profile-1.jpg

Once, you will configure the IKE profile, then as a second step, you need to configure a IKE-gateway. It will included local IP, peer IP, exit interface, preshared key, Peer ID type etc.

ike-gateway..jpg

Hope this helps.

Thanks

Highlighted
L4 Transporter

Re: ike policy

There seem to be more than one policy on the ike policies on the cisco how do I know which one matches the PA?

Highlighted
L7 Applicator

Re: ike policy

Hello Infotech,

During the phase 1 negotiation, both gateways will exchange their IKE-crypto details and the common profile would be chosen for tunnel.

Thanks

Highlighted
L7 Applicator

Re: ike policy

Hello Infotech,

You may configure Max 3 IKE-crypto profile on PAN and at least one should be matched with CISCO.

Thanks

Highlighted
L4 Transporter

Re: ike policy

Unless there is des setup on the cisco and it doesn't appear to be available on the PA.

Highlighted
L6 Presenter

Re: ike policy

Hi Infotech,

DES is not secure, we only support 3DES and above protocols.

Regards,

Hardik Shah

Highlighted
L4 Transporter

Re: ike policy

I understand that but the cisco is old and I think it may have that option still trying to figure out what ike policy and priorities are and how they relate to the PA

Highlighted
L7 Applicator

Re: ike policy

PAN firewall supports bellow mentioned encryption technology for IPsec Phase 1 negotiation:

encryption-tech.jpg

Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!