IKE negotiation process ··· 313
IKE security mechanism ··· 314
Protocols and standards ··· 315
FIPS compliance ··· 315
IKE configuration task list ··· 315
Configuring an IKE profile ··· 316
Configuring an IKE proposal ··· 318
Configuring an IKE keychain ··· 319
Configuring IKE DPD ··· 321
Enabling invalid SPI recovery ··· 322
Displaying and maintaining IKE ··· 324
IKE configuration examples ··· 324
Troubleshooting IKE ··· 331
Configuring IKEv2 ··· 336
Overview ··· 336
IKEv2 negotiation process ··· 336
New features in IKEv2 ··· 337
Protocols and standards ··· 337
IKEv2 configuration task list ··· 337
Configuring an IKEv2 profile ··· 338
Configuring an IKEv2 policy ··· 341
Configuring an IKEv2 proposal ··· 342
Configuring an IKEv2 keychain ··· 343
IKEv2 configuration examples ··· 346
Troubleshooting IKEv2 ··· 354
Configuring SSH ··· 356
Overview ··· 356
How SSH works ··· 356
SSH authentication methods ··· 357
SSH support for Suite B ··· 358
Protocols and standards ··· 358
FIPS compliance ··· 359
Generating local key pairs ··· 359
Enabling the Stelnet server ··· 360
Enabling the SFTP server ··· 360