Motorola SVG2500 User Manual page 99
Hide thumbs
Also See for SVG2500:
- User manual (175 pages) ,
- Quick installation manual (32 pages) ,
- Safety and regulatory information manual (17 pages)
Advertisement
This document is uncontrolled pending incorporation in PDM
10 SVG2500 VPN PAGES
Field
IPsec Settings
Pre-shared key
Phase 1 DH group
Phase 1 encryption
Phase 1 authentication
Phase 1 SA lifetime
Description
With VPN tunnels, there are two phases of Security Association
(SA). Phase 1 is used to create an IKE SA. After Phase 1 is
completed, Phase 2 is used to create one or more IPSEC SAs,
which are then used to key IPSEC sessions.
If one side of the VPN tunnel is using a unique firewall identifier (or
Pre-shared Key), the firewall identifier or Pre-shared Key should be
entered in the "Pre-shared Key" field.
There are three Diffie-Hellman groups to choose from: 768 bits,
1024 bits, and 1536 bits.
Diffie-Hellman is a cryptographic technique that uses public and
private keys for encryption and decryption. The higher number of
bits selected from the options list the more secure the encryption.
Options: Group 1 (768 bits), Group 2 (1024 bits), or
Group 5 (1536 bits).
Encryption is used to secure the VPN connection between
endpoints. Five different types of encryption are available: DES,
3DES, AES-128, AES-192, and AES-256. Any form off encryption
may be selected as long as the far endpoint matches. One of the
more common settings here is 3DES; however, AES is also a very
strong encryption method.
Authentication acts as another level of security. The two types of
authentication available are MD5 and SHA. SHA is recommended
because it is more secure. Either authentication type may be used
as long as the other end of the VPN tunnel uses the same method.
Specifies the lifetime of individual rotating keys.
Enter the desired number of seconds for the key to last until a re-
key negotiation between each endpoint is negotiated. The default
setting is 28,800 seconds.
A smaller lifetime is generally more secure, since it would give an
attacker a smaller amount of time to try to crack the key, but key
negotiation does take up bandwidth, so network throughput will be
sacrificed with small lifetimes. Entries here are typically in the
thousands or tens of thousands of seconds.
113
Advertisement
Related Manuals for Motorola SVG2500
Related Products for Motorola SVG2500
- Motorola SURFboard SVG1501
- Motorola SURFboard SVG2501
- Motorola SURFboard SVG1501E
- Motorola SURFboard SVG1501UE
- Motorola SURFboard SVG2501U
- Motorola SURFboard SVG1501U
- MOTOROLA SVG2500 SURFBOARD DIGITAL VOICE WIRELESS GATEWAY - annexe 1
- MOTOROLA SVG2500 SURFBOARD DIGITAL VOICE WIRELESS GATEWAY - annexe 2