•
AES-XCBC
•
Medium
This consists of the following, longer list of algorithms that provide less security but greater
compatibility with older endpoint devices:
•
3DES
•
AES
•
Twofish
•
SHA1
•
SHA256
•
SHA512
•
AES-XCBC
Example 9.1. Using an Algorithm Proposal List
This example shows how to create and use an IPsec Algorithm Proposal List for use in the VPN
tunnel. The 3DES and AES will be proposed as encryption algorithms. The hash functions SHA256
and SHA512 will be proposed for checking if the data packet is altered while being transmitted.
Note that this example does not illustrate how to add the specific IPsec tunnel object. It will also
be used in a later example.
Command-Line Interface
First create a list of IPsec Algorithms:
gw-world:/> add IPsecAlgorithms esp-l2tptunnel
Then, apply the algorithm proposal list to the IPsec tunnel:
gw-world:/> set Interface IPsecTunnel MyIPsecTunnel
Web Interface
First create a list of IPsec Algorithms:
1.
Go to: Objects > VPN Objects > IPsec Algorithms > Add > IPsec Algorithms
2.
Enter a name for the list, for example esp-l2tptunnel
3.
Now check the following:
•
3DES
•
AES
•
SHA256
•
SHA512
4.
Click OK
DES3Enabled=Yes
AESEnabled=Yes
SHA256Enabled=Yes
SHA512Enabled=Yes
IPsecAlgorithms=esp-l2tptunnel
695
Chapter 9: VPN