Cisco RV340 Series Easy Setup Manual page 7
Security router
Hide thumbs
Also See for RV340 Series:
- Administration manual (110 pages) ,
- Quick start manual (13 pages) ,
- Quick start manual (10 pages)
Table of Contents
Advertisement
13
14
15
16
MEMO: Phase 2 Options
Diffie-Hellman (DH) Group
●
Select a DH group from the drop-down list. This is enabled only when Perfect Forward se-
crecy is enabled under Phase 1 Options.
Protocol Selection
●
Select a protocol from the drop-down list.
Encryption
●
Select an encryption option from the drop-down list.
Authentication
●
Select an authentication.
SA Lifetime (Sec)
●
Amount of time a VPN tunnel (IPSec SA) is active in this phase. The default value for Phase
2 is 3600 seconds.
13
Select the [IPSec profile]
from the drop-down list.
If you select [Default], skip to
.
14
If you select [New Profile],
enter the required infor-
mation.
Refer to the MEMO.
15
Click [Next].
16
Click [Submit].
MEMO: Phase 1 Options
Diffie-Hellman (DH) Group
●
Select a DH group (Group 2 or Group 5) from the drop-down list. DH is a key exchange
protocol, with two groups of different prime key lengths: Group 2 has up to 1,024 bits, and
Group 5 has up to 1,536 bits.
For faster speed and lower security, choose Group 2. For slower speed and higher security,
choose Group 5. Group 2 is selected by default.
Encryption
●
Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the drop-down
list. This method determines the algorithm used to encrypt or decrypt ESP/ISAKMP packets.
Authentication
●
The authentication method determines how the Encapsulating Security Payload Protocol
(ESP) header packets are validated. The MD5 is a one-way hashing algorithm that produces
a 128-bit digest. The SHA1 is a one-way hashing algorithm that produces a 160-bit digest.
The SHA1 is recommended because it is more secure. Make sure that both ends of the
VPN tunnel use the same authentication method. Select an authentication (MD5, SHA1 or
SHA2-256).
SA Lifetime (Sec)
●
Amount of time an IKE SA is active in this phase. The default value for Phase 1 is 28,800
seconds.
Perfect Forward Secrecy (PFS)
●
Check Enable to enable PFS and enter the lifetime in seconds, or uncheck Enable to disable.
When the PFS is enabled, the IKE Phase 2 negotiation generates a new key for the IPSec
traffic encryption and authentication. Enabling this feature is recommended.
Pre-Shared Key
●
Pre-shared key to use to authenticate the remote IKE peer. You can enter up to 30 keyboard
characters or hexadecimal values, such as My_@123 or 4d795f40313233. Both ends of the
VPN tunnel must use the same Pre-shared Key.
We recommend that you change the Pre-shared Key periodically to maximize VPN security.
4
Using VPN Setup Wizard
Cisco RV340 Series Security Router Easy Setup Guide
Advertisement
Table of Contents
