D-Link DFL-600 Manual page 67

IKE Life Duration
IKE Hash
IKE Encryption
This is the duration (in seconds) the phase 1 key
after the tunnel is established. When this
duration has past, the two peers will trigger a
restart of the phase 1 negotiation to set up a new
phase 1 key. Phase 2 negotiation will also be
triggered to build a new tunnel.
This drop-down menu allows you to select the
algorithm that will be used to ensure that the
messages exchanged between the two IPSec
VPN tunnel endpoints has been received
exactly as it was sent. In other words, a Hash
algorithm is used to generate a binary number
by a mathematical operation using the entire
message. The resulting number is called a
message digest. The very same mathematical
operation is performed when the message is
received, and if there has been any change in
the message in transit, the resulting message
digest number will be different and the message
will be rejected. You can choose between MD5
− a 128-bit message digest, and SHA − which
generates a 160-bit message digest. You must
have exactly the same IKE Hash algorithm on
both ends of a VPN tunnel.
This drop-down menu allows you to select the
encryption algorithm that will be used to
encrypt the messages passed between the VPN
tunnel endpoints during the Phase 1 negotiation.
You can choose between DES and 3DES
encryption methods. The key length for the
3DES algorithm is three times as long as the
DES key, and is therefore more likely to be
secure. You must choose exactly the same IKE
Encryption algorithm on both ends of a VPN
tunnel.