mirror of
https://github.com/netbox-community/netbox.git
synced 2025-07-21 03:27:21 -06:00
6678880db5
- Introduces a new `vpn` app with the following models:
- Tunnel
- TunnelTermination
- IKEProposal
- IKEPolicy
- IPSecProposal
- IPSecPolicy
- IPSecProfile
40 lines
1.5 KiB
Markdown
40 lines
1.5 KiB
Markdown
# IKE Proposals
|
|
|
|
An [Internet Key Exhcnage (IKE)](https://en.wikipedia.org/wiki/Internet_Key_Exchange) proposal defines a set of parameters used to establish a secure bidirectional connection across an untrusted medium, such as the Internet. IKE proposals defined in NetBox can be referenced by [IKE policies](./ikepolicy.md), which are in turn employed by [IPSec profiles](./ipsecprofile.md).
|
|
|
|
!!! note
|
|
Some platforms refer to IKE proposals as [ISAKMP](https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol), which is a framework for authentication and key exchange which employs IKE.
|
|
|
|
## Fields
|
|
|
|
### Name
|
|
|
|
The unique user-assigned name for the proposal.
|
|
|
|
### Authentication Method
|
|
|
|
The strategy employed for authenticating the IKE peer. Available options are listed below.
|
|
|
|
| Name |
|
|
|----------------|
|
|
| Pre-shared key |
|
|
| Certificate |
|
|
| RSA signature |
|
|
| DSA signature |
|
|
|
|
### Encryption Algorithm
|
|
|
|
The protocol employed for data encryption. Options include DES, 3DES, and various flavors of AES.
|
|
|
|
### Authentication Algorithm
|
|
|
|
The mechanism employed to ensure data integrity. Options include MD5 and SHA HMAC implementations.
|
|
|
|
### Group
|
|
|
|
The [Diffie-Hellman group](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) supported by the proposal. Group IDs are [managed by IANA](https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8).
|
|
|
|
### SA Lifetime
|
|
|
|
The maximum lifetime for the IKE security association (SA), in seconds.
|