Chapter 18
Internet Key Exchange
OL-4015-12

• AES-192—Advanced Encryption Standard (AES) encryption with a 192-bit key.
• AES-256—Advanced Encryption Standard (AES) encryption with a 256-bit key.

Hash
The authentication algorithm to be used for the negotiation. There are two options:
• Secure Hash Algorithm (SHA)
• Message Digest 5 (MD5)

Authentication
The authentication method to be used.
• Pre-SHARE. Authentication will be performed using pre-shared keys.
• RSA_SIG. Authentication will be performed using digital signatures.

D-H Group
Diffie-Hellman (D-H) Group. Diffie-Hellman is a public-key cryptography protocol that allows two routers to establish a shared secret over an unsecure communications channel. The options are as follows:
• group1—768-bit D-H Group. D-H Group 1.
• group2—1024-bit D-H Group. D-H Group 2. This group provides more security than group 1, but requires more processing time.
• group5—1536-bit D-H Group. D-H Group 5. This group provides more security than group 2, but requires more processing time.

Note
• If your router does not support group5, it will not appear in the list.
• Easy VPN servers do not support D-H Group 1.
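An added example, not part of the Cisco guide: a Python check that reads IKE policies from an IOS running configuration and tests them against the hash, authentication and D-H group options listed above, including the note that Easy VPN servers do not support D-H Group 1. The mapping to `crypto isakmp policy` CLI lines, the IOS default values, the sample configuration and the `min_group_bits` threshold are assumptions of this example; encryption lines are skipped.

```python
import re
# D-H groups listed in the guide: IOS group number -> modulus size in bits.
DH_BITS = {"1": 768, "2": 1024, "5": 1536}
# Hash and authentication options listed in the guide, as IOS CLI keywords.
ALLOWED = {"hash": {"sha", "md5"}, "authentication": {"pre-share", "rsa-sig"}}
# Assumption: IOS leaves default values out of the running configuration.
DEFAULTS = {"hash": "sha", "authentication": "rsa-sig", "group": "1"}

# Constructed sample, not taken from a real device.
SAMPLE = """\
crypto isakmp policy 10
 encr aes 256
 hash md5
 authentication pre-share
 group 5
crypto isakmp policy 20
 authentication pre-share
crypto isakmp policy 30
 group 2
"""

def parse_policies(config):
    """Return {priority: {hash, authentication, group}} with defaults filled in."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(DEFAULTS))
        elif current is not None and line.startswith(" "):
            parts = line.split()
            if len(parts) >= 2 and parts[0] in DEFAULTS:
                current[parts[0]] = parts[1]
        else:
            current = None  # an unindented line ends the policy block
    return policies

def audit(policies, easy_vpn_server=False, min_group_bits=1024):
    """Return (priority, finding) pairs; min_group_bits is a local policy choice."""
    findings = []
    for prio, p in sorted(policies.items()):
        bits = DH_BITS.get(p["group"])
        if bits is None:
            findings.append((prio, f"group {p['group']} is not group 1, 2 or 5"))
        elif easy_vpn_server and p["group"] == "1":
            findings.append((prio, "Easy VPN servers do not support D-H Group 1"))
        elif bits < min_group_bits:
            findings.append((prio, f"{bits}-bit D-H group is below {min_group_bits} bits"))
        for key, allowed in ALLOWED.items():
            if p[key] not in allowed:
                findings.append((prio, f"{key} {p[key]} is not an option in the guide"))
    return findings
```

Policy 20 in the sample sets no `group` line, so it falls back to the default and is the one reported when `easy_vpn_server=True`.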
Cisco Router and Security Device Manager 2.5 User's Guide
Internet Key Exchange (IKE)