Create or Edit an IKEv2 IPsec Proposal Object

There are several pre-defined IKEv2 IPsec proposals. You can also create new proposals to implement other combinations of security settings. You cannot edit or delete system-defined objects.

The following procedure explains how you can create and edit objects directly through the Objects page. You can also create IKEv2 IPsec Proposals objects while editing the IKEv2 IPsec settings in a VPN connection by clicking the Create New IPsec Proposal link shown in the object list.

Procedure


Step 1

In the left pane, click Objects > FDM Objects.

Step 2

Do one of these things:

  • Click the blue plus button and select FTD > IKEv2 IPsec Proposal to create the new object.

  • In the object page, select the IPsec proposal you want to edit and click Edit in the Actions pane at the right.

Step 3

Enter an object name for the new object.

Step 4

Configure the IKE2 IPsec proposal objects:

  • Encryption—The Encapsulating Security Protocol (ESP) encryption algorithm for this proposal. Select all the algorithms that you want to allow. The system negotiates with the peer, starting from the strongest to the weakest algorithm until a match is agreed upon. For an explanation of the options, see Deciding Which Encryption Algorithm to Use.

  • Integrity Hash—The hash or integrity algorithm to use for authentication. Select all the algorithms that you want to allow. The system negotiates with the peer, starting from the strongest to the weakest algorithm until a match is agreed upon. For an explanation of the options, see Deciding Which Hash Algorithms to Use.

Step 5

Click Add.