Ipsec Profiles - Cisco RV345 Administration Manual

VPN
Pre-Shared Key
Phase 2 Options
Diffie-Hellman (DH) Group
Protocol Selection
Encryption
Authentication
SA Lifetime (Sec)
Step 12 Click Next to see the summary of all configurations.
Step 13 Click Submit.

IPsec Profiles

The IPsec profiles contain information related to the algorithms such as encryption, authentication, and DH
group for Phase I and II negotiations in auto mode. These profiles also contain keys for corresponding
algorithms in case keying mode is manual. The IPsec profiles are referred in any of IPsec VPN records like
site-to-site, client-to-site, or Teleworker VPN client
Pre-shared key to use to authenticate the remote IKE peer. You can enter up to 30
keyboard characters or hexadecimal values, such as My_@123 or 4d795f40313233.
Both ends of the VPN tunnel must use the same Pre-shared Key.
We recommend that you change the Pre-shared Key periodically to maximize VPN
security.
Select a DH group (Group 2 or Group 5) from the drop-down list. DH is a key exchange
protocol, with two groups of different prime key lengths: Group 2 has up to 1,024 bits,
and Group 5 has up to 1,536 bits.
For faster speed and lower security, choose Group 2. For slower speed and higher
security, choose Group 5. Group 2 is selected by default.
This is enabled only when Perfect Forward secrecy is enabled under Phase I
Note
Options.
Select a protocol from the drop-down list.
• ESP: Select ESP for data encryption and enter the encryption.
• AH: Select this for data integrity in situations where data is not secret but must
be authenticated.
Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the
drop-down list. This method determines the algorithm used to encrypt or decrypt
ESP/ISAKMP packets.
Select an authentication (MD5, SHA1 or SHA2-256).
Amount of time a VPN tunnel (IPSec SA) is active in this phase. The default value for
Phase 2 is 3600 seconds.

IPsec Profiles

RV345/345P Administration Guide
77