Cradlepoint IBR1100 User Manual page 48

Cor series

Hide thumbs Also See for IBR1100:

Installation manual (5 pages)

Manual (162 pages)

User manual (104 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

page of 112

/ 112
Contents
Table of Contents
Bookmarks

Table of Contents

User Manual

IBR1100/IBR1150

for a successful tunnel negotiation. For greatest

compatibility, select all options; for greatest security,

select only the most secure options that your devices

support.

Exchange Mode: The IKE protocol has two modes

of negotiating phase 1 – Main (also called Identity

Protection) and Aggressive.

•

In Main mode, IKE separates the key information

from the identities, allowing for the identities

of peers to be secure at the expense of extra

packet exchanges.

•

In Aggressive mode, IKE tries to combine as much

information into fewer packets while maintaining

security. Aggressive mode is slightly faster but

less secure.

Because it has better security, Main mode is recommended for most users.

Key Lifetime: The lifetime of the generated keys of phase 1 of the IPsec negotiation from IKE. After the time

has expired, IKE will renegotiate a new set of phase 1 keys.

Encryption, Hash, and DH Groups

Each IKE exchange uses one encryption algorithm, one hash function, and one DH group to make a secure

exchange.

Encryption: Used to encrypt messages sent and received by IPsec.

•

AES 128

•

AES 256

•

DES

•

3DES

Hash: Used to compare, authenticate, and validate that data across the VPN arrives in its intended form and to

derive keys used by IPSec.

•

MD5

•

SHA1

•

SHA2 256

•

SHA2 384

•

SHA2 512

Note that some Encryption/Hash combinations (e.g., 3DES with SHA2 384/512) are computationally expensive,

impacting WAN performance. AES is as strong an encryption and performs much better than 3DES.

DH Groups: The DH (Diffie-Hellman) Group is a property of IKE and is used to determine the length of prime

numbers associated with key generation. The strength of the key generated is partially determined by the

strength of the DH Group. Group 5, for instance, has greater strength than Group 2.

•

Group 1: 768-bit key

•

Group 2: 1024-bit key

•

Group 5: 1536-bit key

In IKE Phase 1 you can only select one DH group if you are using Aggressive exchange mode.

+1.855.813.3385

cradlepoint.com

7/15/16

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Ibr1150 Ibr600b Ibr650b

Cradlepoint IBR1100 User Manual page 48

Hide quick links:

Related Manuals for Cradlepoint IBR1100

Related Products for Cradlepoint IBR1100

This manual is also suitable for:

Table of Contents