Table of Contents
Advertisement
SIEMENS 5881 Broadband Internet Router
User's Guide
5. From the ESP Encryption Scheme drop-down menu, select one of the following to specify the algorithm
to use to encrypt ESP IPSec packets:
•
NONE: No ESP encapsulation and no encryption is used.
•
NULL: ESP encapsulation, but no data encryption. ESP encapsulation verifies the source, but data is
sent in the clear to increase throughput.
•
DES-CBC: Encrypts using a 56-bit key.
•
3-DES: Encrypts using three 56-bit keys to produce 168-bit encryption.
•
AES: Encrypts using a 128-, 192-, or 256-bit key.
6. If you selected AES as the encryption type, specify the key bit size to use in Key Length. This can be 128,
192, or 256.
7. In Phase II Proposal Lifetime, enter the number of seconds after the IPSec SA expires. The default is
1800 seconds. Once this time is elapsed, the system will renegotiate the IKE connection.
8. In Phase II Proposal Life Data, enter the amount of data, measured in kilobytes, before the IPSec SA
terminates. After the specified quantity of data has been transferred, the system will renegotiate the IKE
connection. If zero is entered, the data quantity will be unlimited. By setting a limit on the amount of data
transferred, the risk of a key becoming compromised is reduced.
9. Click Apply.
SIEMENS
Chapter 6 Security Setup
IKE/IPSec Configuration
71
Advertisement
Table of Contents
