used for higher group numbers and could lead to unacceptable tunnel setup times on slower
hardware platforms.
• IPsec Encryption
The encryption algorithm that will be used on the protected IPsec traffic.
This is not needed when AH is used, or when ESP is used without encryption.
The encryption algorithms supported by NetDefendOS are as follows:
i. AES
ii. Blowfish
iii. Twofish
iv. Cast128
v. 3DES
vi. DES
• IPsec Authentication
This specifies the authentication algorithm used on the protected traffic.
This is not used when ESP is used without authentication, although it is not recommended to
use ESP without authentication.
The authentication algorithms supported by NetDefendOS are as follows:
i. MD5
ii. SHA1
iii. SHA256
iv. SHA512
v. AES-XCBC (IKEv2 only)
• IPsec Lifetime
This is the lifetime of the VPN connection. It is specified in both time (seconds) and data
amount (in Kbytes). Whenever either of these values is exceeded, a re-key will be initiated,
providing new IPsec encryption and authentication session keys. If the VPN connection has
not been used during the last re-key period, the connection will be terminated, and
re-opened from scratch when the connection is needed again.
This value must be set lower than the IKE lifetime.
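The rules stated for these three settings can be checked mechanically before a proposal is deployed. The following is an added example, not part of the NetDefendOS manual or product: the dictionary keys are hypothetical, the sample proposals are constructed, and it assumes the IKE lifetime is compared in seconds.

```python
# Added example; the dictionary keys are hypothetical, not NetDefendOS names.
ENCRYPTION = {"AES", "Blowfish", "Twofish", "Cast128", "3DES", "DES"}
AUTHENTICATION = {"MD5", "SHA1", "SHA256", "SHA512", "AES-XCBC"}


def audit_proposal(p):
    """Return a list of findings for one IPsec proposal (empty = consistent)."""
    findings = []
    enc, auth = p.get("encryption"), p.get("authentication")
    if p["protocol"] == "AH":
        # Encryption is not needed when AH is used; AH always authenticates.
        if enc is not None:
            findings.append("encryption set but AH does not encrypt")
        if auth is None:
            findings.append("AH requires an authentication algorithm")
    elif auth is None:
        # ESP without authentication is possible but not recommended.
        findings.append("ESP without authentication is not recommended")
    if enc is not None and enc not in ENCRYPTION:
        findings.append(f"unsupported encryption algorithm: {enc}")
    if auth is not None and auth not in AUTHENTICATION:
        findings.append(f"unsupported authentication algorithm: {auth}")
    if auth == "AES-XCBC" and p["ike_version"] != 2:
        findings.append("AES-XCBC is available with IKEv2 only")
    # Assumption: both lifetimes are compared in seconds.
    if p["ipsec_lifetime_s"] >= p["ike_lifetime_s"]:
        findings.append("IPsec lifetime must be lower than the IKE lifetime")
    return findings


def rekey_due(p, elapsed_s, kbytes):
    """A re-key starts once either the time or the data limit is exceeded."""
    return elapsed_s > p["ipsec_lifetime_s"] or kbytes > p["ipsec_lifetime_kb"]


# Constructed sample proposals.
GOOD = {"protocol": "ESP", "ike_version": 2, "encryption": "AES",
        "authentication": "AES-XCBC", "ike_lifetime_s": 28800,
        "ipsec_lifetime_s": 3600, "ipsec_lifetime_kb": 4608000}
BAD = {"protocol": "ESP", "ike_version": 1, "encryption": "DES",
       "authentication": "AES-XCBC", "ike_lifetime_s": 3600,
       "ipsec_lifetime_s": 28800, "ipsec_lifetime_kb": 100000}

if __name__ == "__main__":
    for name, proposal in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_proposal(proposal) or "no findings")
```
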
Diffie-Hellman Groups
Diffie-Hellman (DH) is a cryptographic protocol that allows two parties that have no prior
knowledge of each other to establish a shared secret key over an insecure communications
channel through a series of plain text exchanges. Even though the exchanges between the
parties might be monitored by a third party, the Diffie-Hellman technique makes it extremely
difficult for the third party to determine what the agreed shared secret key is and decrypt data
that is encrypted using that key.
Chapter 9: VPN