The SPI should be a string of hexadecimal [0-9,A-F] characters, and should not be used in any
other Security Association.
Note: For simplicity or troubleshooting, the Incoming and Outgoing SPI can be identical.
For Encryption Protocol, select one:
4.
Figure 6-23: VPN encryption options
•
Null - Fastest, but no security.
•
DES - Faster but less secure than 3DES or AES.
•
3DES - (Triple DES) higher level of security than DES.
•
AES - 128, - 192, or - 256. Most secure.
Enter the key according to the requirements of the Encryption Protocol you selected. Enter an
5.
Encryption Key in hexadecimal characters [0-9,A-F].
–
For DES, the key should be 8 characters.
–
For 3DES, the key should be 24 characters.
–
For AES 128, the key should be 16 characters
–
For AES 192, the key should be 24 characters
–
For AES 256, the key should be 32 characters
Any value is acceptable, provided the remote VPN endpoint has the same value in its
Pre-Shared Key field.The encryption key must match exactly the key used by the remote
router or host.
Select the Authentication Protocol
6.
•
MD5 (default) - 128 bits, faster but less secure.
•
SHA-1 - 160 bits, slower but more secure.
Enter hexadecimal characters [0-9,A-F] for the Authentication Key. The authentication key
7.
must match exactly the key used by the remote router or host.
–
For MD5, the key should be 16 characters.
–
For SHA-1, the key should be 20 characters.
Virtual Private Networking
Reference Manual for the Model FVS318 Broadband ProSafe VPN Firewall
M-10146-01
6-29