D-Link DFL-600 Manual page 51

IKE Hash
IKE Encryption
Phase 2 Proposal
PFS Mode
triggered to build a new tunnel.
This drop-down menu allows you to select the
algorithm that will be used to ensure that the
messages exchanged between the two IPSec
VPN tunnel endpoints has been received
exactly as it was sent. In other words, a Hash
algorithm is used to generate a binary number
by a mathematical operation using the entire
message. The resulting number is called a
message digest. The very same mathematical
operation is performed when the message is
received, and if there has been any change in
the message in transit, the resulting message
digest number will be different and the message
will be rejected. You can choose between MD5
− a 128-bit message digest, and SHA − which
generates a 160-bit message digest. You must
have exactly the same IKE Hash algorithm on
both ends of a VPN tunnel.
This drop-down menu allows you to select the
encryption algorithm that will be used to
encrypt the messages passed between the VPN
tunnel endpoints during the Phase 1 negotiation.
You can choose between DES and 3DES
encryption methods. The key length for the
3DES algorithm is three times as long as the
DES key, and is therefore more likely to be
secure. You must choose exactly the same IKE
Encryption algorithm on both ends of a VPN
tunnel.
The following entries will establish the setup
for the negotiation between the two endpoints
for the encryption of messages once the VPN
tunnel has been initiated.
This drop-down menu allows you to specify the
mode that will be used for IPSec Perfect
Forward Security (PFS). The choices are
Disabled, Group 1, and Group 2. Group 1
51