Table of Contents
Advertisement
Key Management
Security Association
List
Key Type – Two key types are available for the key exchange
management - Manual Key and Auto Key:
•
Manual Key – If manual key is selected, no key negotiation is
needed. The following fields to be set are:
1.
Encryption Key –This field specifies a key to encrypt and
decrypt IP traffic.
2.
Authentication Key – This field specifies a key to use to
authenticate IP traffic.
3.
Inbound/out bound SPI (Security Parameter Index) – This
information is carried on the ESP header. Each tunnel must
have a unique inbound and outbound SPI and no two tunnels
share the same SPI. Note that the Inbound SPI must match the
other router's outbound SPI.
•
AutoKey (IKE) – There are two types of operation modes which
can be used in Phase 1 Negotiation:
1.
Main mode – Accomplishes a Phase 1 IKE exchange by
establishing a secure channel.
2.
Aggressive Mode – This is another way of accomplishing a
phase one exchange. It is faster and simpler than Main Mode
but does not provide identity protection for the negotiating
nodes.
•
Perfect Forward Secrecy (PFS) – If PFS is enabled, Phase 2 IKE
negotiation will generate new key data for IP traffic encryption &
authentication. If set to Enable, a hacker using brute force in an
attempt to break encryption keys is not able to obtain other or
future IPSec keys.
•
Preshared Key – This field is used to authenticate the remote IKE
peer.
It is a "pass code" or "password" which must be the same one
used between both the local site and remote site. Otherwise the
VPN tunnel will not be established.
•
Key Lifetime – This specifies the lifetime of the IKE generated
Key. If the time expires or passed data exceeds the allowed
volume, a new key will be renegotiated. By default, 0 is set for No
Limit.
The list will display the details of all Policy Setup configuration data
that you have entered. Modification can be made by clicking on a
selected row.
Page 58
Advertisement
Table of Contents
