netbox-community-netbox/docs/models/vpn/ikeproposal.md

# IKE Proposals

An [Internet Key Exhcnage (IKE)](https://en.wikipedia.org/wiki/Internet_Key_Exchange) proposal defines a set of parameters used to establish a secure bidirectional connection across an untrusted medium, such as the Internet. IKE proposals defined in NetBox can be referenced by [IKE policies](./ikepolicy.md), which are in turn employed by [IPSec profiles](./ipsecprofile.md).

!!! note
    Some platforms refer to IKE proposals as [ISAKMP](https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol), which is a framework for authentication and key exchange which employs IKE.

## Fields

### Name

The unique user-assigned name for the proposal.

### Authentication Method

The strategy employed for authenticating the IKE peer. Available options are listed below.

| Name           |
|----------------|
| Pre-shared key |
| Certificate    |
| RSA signature  |
| DSA signature  |

### Encryption Algorithm

The protocol employed for data encryption. Options include DES, 3DES, and various flavors of AES.

### Authentication Algorithm

The mechanism employed to ensure data integrity. Options include MD5 and SHA HMAC implementations. Specifying an authentication algorithm is optional, as some encryption algorithms (e.g. AES-GCM) provide authentication natively.

### Group

The [Diffie-Hellman group](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) supported by the proposal. Group IDs are [managed by IANA](https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8).

### SA Lifetime

The maximum lifetime for the IKE security association (SA), in seconds.
Closes #9816: VPN tunnel support (#14276) - Introduces a new `vpn` app with the following models: - Tunnel - TunnelTermination - IKEProposal - IKEPolicy - IPSecProposal - IPSecPolicy - IPSecProfile 2023-11-27 16:17:15 -05:00			`# IKE Proposals`

			`An [Internet Key Exhcnage (IKE)](https://en.wikipedia.org/wiki/Internet_Key_Exchange) proposal defines a set of parameters used to establish a secure bidirectional connection across an untrusted medium, such as the Internet. IKE proposals defined in NetBox can be referenced by [IKE policies](./ikepolicy.md), which are in turn employed by [IPSec profiles](./ipsecprofile.md).`

			`!!! note`
			`Some platforms refer to IKE proposals as [ISAKMP](https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol), which is a framework for authentication and key exchange which employs IKE.`

			`## Fields`

			`### Name`

			`The unique user-assigned name for the proposal.`

			`### Authentication Method`

			`The strategy employed for authenticating the IKE peer. Available options are listed below.`

			`\| Name \|`
			`\|----------------\|`
			`\| Pre-shared key \|`
			`\| Certificate \|`
			`\| RSA signature \|`
			`\| DSA signature \|`

			`### Encryption Algorithm`

			`The protocol employed for data encryption. Options include DES, 3DES, and various flavors of AES.`

			`### Authentication Algorithm`

Fixes #14499: Relax requirements for encryption/auth algorithms on IKE & IPSec proposals 2023-12-19 11:18:26 -05:00			`The mechanism employed to ensure data integrity. Options include MD5 and SHA HMAC implementations. Specifying an authentication algorithm is optional, as some encryption algorithms (e.g. AES-GCM) provide authentication natively.`
Closes #9816: VPN tunnel support (#14276) - Introduces a new `vpn` app with the following models: - Tunnel - TunnelTermination - IKEProposal - IKEPolicy - IPSecProposal - IPSecPolicy - IPSecProfile 2023-11-27 16:17:15 -05:00
			`### Group`

			`The [Diffie-Hellman group](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) supported by the proposal. Group IDs are [managed by IANA](https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8).`

			`### SA Lifetime`

			`The maximum lifetime for the IKE security association (SA), in seconds.`