Phase 1 DH group
Phase 1 encryption
Phase 1 authentication
Phase 1 SA lifetime
10 • VPN Pages
Select one of the Diffie-Hellman groups: 768 bits, 1024 bits, or
Diffie-Hellman is a cryptographic technique that uses public
and private keys for encryption and decryption. The higher the
number of bits, the more secure the encryption. Options:
Group 1 (768 bits), Group 2 (1024 bits), or Group 5 (1536 bits).
Secure the VPN connection between endpoints: DES, 3DES,
AES-128, AES-192, or AES-256.
Select any encryption but make the far endpoints match.
Common encryption settings are 3DES and AES.
Set Authentication, another level of security, to SHA or MD5
Motorola recommends SHA because it is more secure but you
can use either authentication provided the other end of the
VPN tunnel uses the same method.
Specify the lifetime of individual rotating keys.
Enter the number of seconds for the key to last until a re-key
negotiation between each endpoint is negotiated. The default
setting is 28,800 seconds.
A smaller lifetime is generally more secure, since it would give
an attacker a smaller amount of time to try to crack the key,
however key negotiation takes up bandwidth, so network
throughput is sacrificed with small lifetimes. Entries are
typically in the thousands or tens of thousands of seconds.