Proposal Lists; Ike Proposal List; Ipsec Proposal List - D-Link DFL-700 - Security Appliance Product Manual

Proposal Lists

To agree on the VPN connection parameters, a negotiation process is performed. As the
result of the negotiations, the IKE and IPSec security associations (SA) are established. As
the name implies, a proposal is the starting point for the negotiation. A proposal defines
encryption parameters, for instance encryption algorithm, life times etc, that the VPN gateway
supports.
There are two types of proposals, IKE proposals and IPSec proposals. IKE proposals are
used during IKE Phase-1 (IKE Security Negotiation), while IPSec proposals are using during
IKE Phase-2 (IPSec Security Negotiation).
A Proposal List is used to group several proposals. During the negotiation process, the
proposals in the proposal list are offered to the remote VPN gateway one after another until a
matching proposal is found.

IKE Proposal List

Cipher – Specifies the encryption algorithm used in this IKE proposal. Supported
algorithms are AES, 3DES, DES, Blowfish, Twofish, and CAST128.
Hash – Specifies the hash function used to calculate a check sum that reveals if the data
packet is altered while being transmitted. MD5 and SHA1 are supported algorithms.
Life Times – Specifies in KB or seconds when the security associations for the VPN
tunnel need to be re-negotiated.

IPSec Proposal List

Cipher – Specifies the encryption algorithm used in this IPSec proposal. Supported
algorithms are AES, 3DES, DES, Blowfish, Twofish, and CAST128.
HMAC – Specifies the hash function used to calculate a check sum that reveals if the data
packet is altered while being transmitted. MD5 and SHA1 are supported algorithms.
Life Times – Specifies in KB or seconds when the security associations for the VPN
tunnel need to be re-negotiated.