Cisco SRP521W Administration Manual page 122

Configuring VPN
IPSec Policy
Services Ready Platform SRP 500 Series Administration Guide
Field
General
Policy Number
Policy Name
Policy Type
Remote Endpoint
Encryption
Algorithm
Integrity Algorithm
Auto Policy Parameters
PFS
Pre Shared Key
SA Lifetime
Manual Policy Parameters
SPI Incoming
SPI Outgoing
Encryption
Algorithm Key
Description
The policy index that you are going to configure.
A unique name for bringing up a tunnel.
There are two types, Auto Policy and Manual Policy. The
Auto Policy type will use IKE protocol to negotiate
random keys, therefore it first requires an IKE policy as
well. The Manual Policy type will NOT use IKE, which is
more simple, but less secure.
The remote gateway that you are going to connect to
establish a IPSec VPN tunnel. Your choices are IP
Address, Any, or FQDN. The Any option will only appear
in Auto Policy and is available to increase security level
for roaming users. The FQDN option requires a Full
Qualified Domain Name. Ensure that the domain name
can be resolved into IP address by a correct DNS server
if the VPN tunnel can not be established.
Encryption algorithm of IPSec SA. Choices are DES,
3DES, AES128, AES192, and AES256.
Authentication algorithm for IPSec SA. Choices are MD5
and SHA1.
Perfect Forward Secrecy, if enabled, it can prevent a
new key from being predictable by previous one.
Used by IKE.
IPSec SA life time in seconds.
A HEX value, range from 0x100 to 0xffffffff.
A HEX value, range from 0x100 to 0xffffffff.
A HEX value, the length depends on the key type of
Encryption Algorithm above. For example, 3DES length
is 32.
7
122