UTT HiPER 840G Advanced Configuration Manual page 149

UTT Technologies
IKEv1 defines five basic DH groups; the UTT VPN gateway supports MODP groups 1, 2, and 5.
Each DH group uses a different size modulus. A larger modulus provides higher security,
but requires more processing time to compute the shared key. By current standards the
768-bit and 1024-bit moduli are considered weak, so prefer Group 5 whenever the peer
supports it. The moduli of DH groups 1, 2, and 5 are as follows:
DH Group 1: 768-bit modulus
DH Group 2: 1024-bit modulus
DH Group 5: 1536-bit modulus
Note
Both endpoints of an IPSec tunnel must use the same DH group. Each group has a
different modulus, so if the groups differ the Phase 1 proposals will not match and
the IKE SA cannot be established.
In the Web UI, go to the VPN > IPSec > IPSec Settings page and click the Advanced Options
hyperlink to select the DH group for each of Encrypt/Auth Algorithms 1 ~ Encrypt/Auth
Algorithms 4 (Phase 1) (section 6.1.2.2).
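The following Python example is added here as an illustration and is not code from the UTT manual or the gateway firmware. It embeds the three MODP primes the manual lists (the RFC 2409 groups 1 and 2 and the RFC 3526 group 5, all with generator 2), checks them for primality before use, and models the Phase 1 key exchange: a matching group yields the same g^xy on both sides, a group the responder does not accept yields no IKE SA, and a timing helper shows why the larger modulus costs more. The exchange model, the function names and the responder's accepted-group set are assumptions for the example; real IKE additionally authenticates the peers and derives the SKEYID material from the shared secret.

```python
# Added example, not UTT code: IKEv1 Phase 1 DH groups 1, 2 and 5 and the
# shared-secret agreement between two peers. Primes are the well-known
# RFC 2409 / RFC 3526 MODP constants; the exchange model is illustrative.
import secrets
import time


def _modp(hex_words: str) -> int:
    """Parse a space-separated hex dump (as printed in the RFCs) into an int."""
    return int("".join(hex_words.split()), 16)


GENERATOR = 2  # all three groups use g = 2

MODP_GROUPS = {
    # DH Group 1: 768-bit modulus (RFC 2409, section 6.1)
    1: _modp("""
        FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
        020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
        4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A63A3620 FFFFFFFF FFFFFFFF"""),
    # DH Group 2: 1024-bit modulus (RFC 2409, section 6.2)
    2: _modp("""
        FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
        020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
        4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
        EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF"""),
    # DH Group 5: 1536-bit modulus (RFC 3526, section 2)
    5: _modp("""
        FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
        020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
        4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
        EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
        98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
        9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF"""),
}


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin: sanity-check a modulus before trusting it (catches typos)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def dh_keypair(group: int):
    """Return (private exponent x, public value g^x mod p) for the group."""
    p = MODP_GROUPS[group]
    x = secrets.randbelow(p - 3) + 2  # x in [2, p-2]
    return x, pow(GENERATOR, x, p)


def dh_shared_secret(group: int, own_private: int, peer_public: int) -> int:
    """Compute g^xy mod p from our x and the peer's KE payload g^y."""
    p = MODP_GROUPS[group]
    # Reject 0, 1 and p-1: a peer sending those forces the secret into a
    # tiny set no matter what private exponent we chose.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer KE payload out of range for this group")
    return pow(peer_public, own_private, p)


def phase1_key_exchange(initiator_group: int, responder_groups):
    """Model Phase 1: proposal match on the DH group, then the KE exchange.

    responder_groups is the set of groups the responder is configured to
    accept (assumption for the example). Returns the agreed g^xy, or None
    when no proposal matches and therefore no KE payloads are exchanged.
    """
    if initiator_group not in responder_groups:
        return None
    x_i, y_i = dh_keypair(initiator_group)
    x_r, y_r = dh_keypair(initiator_group)
    k_i = dh_shared_secret(initiator_group, x_i, y_r)
    k_r = dh_shared_secret(initiator_group, x_r, y_i)
    if k_i != k_r:
        raise RuntimeError("DH agreement failed")  # cannot happen with the same group
    return k_i


def modexp_seconds(group: int, iterations: int = 5) -> float:
    """Average wall time of one g^x mod p; shows why larger groups cost more."""
    start = time.perf_counter()
    for _ in range(iterations):
        dh_keypair(group)
    return (time.perf_counter() - start) / iterations


if __name__ == "__main__":
    for g in (1, 2, 5):
        print(f"group {g}: {MODP_GROUPS[g].bit_length()} bits, "
              f"prime={is_probable_prime(MODP_GROUPS[g])}, "
              f"{modexp_seconds(g) * 1000:.2f} ms per exponentiation")
    print("group 5 vs responder {1, 2}:", phase1_key_exchange(5, {1, 2}))
```

The range check in dh_shared_secret is the one a practitioner should not skip: the manual's "same group on both ends" requirement guarantees matching arithmetic, but it does not stop a misbehaving peer from sending a degenerate public value.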
2. IKE Phase 2
Once an IKE SA is established successfully in phase 1, the two IPSec endpoints will use it
to negotiate IPsec SAs in phase 2. The IPSec SAs are used to secure the user data to be
transmitted through the IPSec tunnel.
During IKE Phase 2, the two IPSec endpoints also exchange security proposals to
determine which security parameters will be used in the IPSec SAs. A phase 2 proposal
consists of one or two IPSec security protocols (either ESP or AH, or both), the encryption
and/or authentication algorithms used with the selected protocol, and a
Diffie-Hellman group if Perfect Forward Secrecy (PFS) is desired. Note that the UTT VPN
gateway doesn't support PFS at present: the IPSec SA keys are derived from the Phase 1
key material, and a peer that requires PFS will not be able to negotiate a tunnel with it.
IKE phase 2 has one mode, which is called Quick Mode. Quick mode uses three
messages to establish IPSec SAs.
In the Web UI, you can configure up to four phase 2 proposals. Go to the VPN > IPSec >
IPSec Settings page to configure P2 Encrypt/Auth Algorithms 1, and then click the Advanced
Options hyperlink to configure Encrypt/Auth Algorithms 2 ~ Encrypt/Auth Algorithms 4 (Phase 2)
(section 6.1.2.2).
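The Python example below is added to illustrate the Phase 2 negotiation described above; it is not UTT's code. It models a responder configured with up to four proposals (the limit the Web UI imposes) choosing among the proposals an initiator offers, and shows that an offer asking for PFS is refused by a responder that cannot do a Quick Mode DH exchange. The algorithm names, the sample proposal lists and the one-protocol-per-proposal simplification (AH+ESP bundles are left out) are constructed for the example.

```python
# Added example, not UTT code: IKEv1 Quick Mode proposal selection on a
# responder that supports at most four configured proposals and no PFS.
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Phase2Proposal:
    protocol: str                    # "ESP" or "AH" (bundles not modelled here)
    encryption: Optional[str]        # ESP cipher name; None for AH
    authentication: str              # integrity algorithm name
    pfs_group: Optional[int] = None  # DH group for PFS, None = no PFS requested

    def __post_init__(self):
        if self.protocol not in ("ESP", "AH"):
            raise ValueError(f"unknown IPSec protocol {self.protocol!r}")
        if self.protocol == "AH" and self.encryption is not None:
            raise ValueError("AH provides authentication only, no encryption")


MAX_LOCAL_PROPOSALS = 4  # the UTT Web UI allows Encrypt/Auth Algorithms 1 ~ 4


def select_phase2_proposal(offered: Sequence[Phase2Proposal],
                           local: Sequence[Phase2Proposal],
                           supports_pfs: bool = False) -> Optional[Phase2Proposal]:
    """Return the first offered proposal the responder can accept, else None.

    Matching is exact on protocol, algorithms and PFS group. An offer that
    carries a PFS group is refused outright when the responder cannot
    perform the extra Diffie-Hellman exchange in Quick Mode.
    """
    if len(local) > MAX_LOCAL_PROPOSALS:
        raise ValueError(f"at most {MAX_LOCAL_PROPOSALS} local proposals")
    for proposal in offered:
        if proposal.pfs_group is not None and not supports_pfs:
            continue  # peer insists on PFS; this gateway cannot satisfy it
        if proposal in local:
            return proposal
    return None


# Constructed sample configuration for the responder (not real UTT defaults).
LOCAL_PROPOSALS = (
    Phase2Proposal("ESP", "aes128", "hmac-sha1"),
    Phase2Proposal("ESP", "3des", "hmac-md5"),
    Phase2Proposal("AH", None, "hmac-sha1"),
)


def negotiate_examples():
    """Three constructed initiator offers and the responder's decision for each."""
    plain_match = [
        Phase2Proposal("ESP", "aes256", "hmac-sha1"),  # not configured locally
        Phase2Proposal("ESP", "3des", "hmac-md5"),     # second choice matches
    ]
    pfs_only = [Phase2Proposal("ESP", "aes128", "hmac-sha1", pfs_group=2)]
    no_overlap = [Phase2Proposal("AH", None, "hmac-md5")]
    return {
        "plain_match": select_phase2_proposal(plain_match, LOCAL_PROPOSALS),
        "pfs_refused": select_phase2_proposal(pfs_only, LOCAL_PROPOSALS),
        "no_overlap": select_phase2_proposal(no_overlap, LOCAL_PROPOSALS),
    }


if __name__ == "__main__":
    for name, result in negotiate_examples().items():
        print(f"{name}: {result}")
```

When the responder does support PFS, the same function accepts a PFS offer only if a local proposal lists the identical DH group, which is the behaviour to expect from a peer that does implement it.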
9.5.1.5 Maintain Security Associations (SAs)
After the SAs have been established, the two IPSec endpoints must maintain them to
ensure that the SAs remain secure and available. IPSec provides the following methods to
maintain and monitor SAs.
1. SA Lifetime
During IKE and IPSec SAs negotiation and creation, the two IPSec endpoints also
http://www.uttglobal.com
Chapter 10 VPN