Table of Contents
Advertisement
Variable
Existing Policies
Interface Name
Policy Status
Policy Type
IKE Phase 1 Proposal table
IPSec Encryption
IPSec Authentication
DH Group
Life Time
Exchange Mode
Life Time Value
Value
Select an existing policy for the IPsec policy.
Select the WAN interface for which you want to apply the policy.
Select the status of the IPsec policy.
Select INACTIVE to disable the policy on the specified interface.
Select ACTIVE to enable the policy on the specified interface.
The default is INACTIVE.
Select the policy type. Select one of the following:
•
IKE XAUTH
•
IKE Pre-Shared
Select the IPSec Encryption. Select one of the following options:
•
Data Encryption Standard (DES) – a standard for encrypting data that
uses a 64 bit key to encrypt data, but only 56 bits are used. This
standard is considered inadequate for data protection.
•
Triple Data Encryption Standard (3DES) – processes each block of
data using a different key each time, resulting in a significantly more
secure message.
•
Advanced Encryption Standard (AES128, AES192, AES256) – has a
fixed block size of 128 bits and a key size of 128, 192 or 256 bits. Due
to the fixed block size of 128 bits, AES operates on a 4x4 array of
bytes.
Select DES if you require network speed.
Select 3-DES if you require network security.
Select the preferred authentication method. Select one of the following
options:
•
HMAC-MAC5 - the message authentication code is calculated using
the MD5 cryptographic hash function. This cryptographic hash function
has some additional security properties with a 128-bit hash value,
which is commonly used to check the integrity of files.
•
HMAC-SHA1 - the message authentication code is calculated using
the SHA1 algorithm. This cryptographic hash function computes a
condensed digital representation to a high degree of probability.
Select the required Diffie-Hellman (DH) group. DH key exchange is used
to establish preshared keys. Select one of the following:
•
Group 1 – IKE uses a 768-bit Diffie- Hellman Prime modules group for
performing the new Diffie-Hellman exchange.
•
Group 2 – IKE uses a 1024-bit Diffie- Hellman Prime modules group
for performing the new Diffie-Hellman exchange.
•
Group 5 – IKE uses a 1536-bit Diffie- Hellman Prime modules group
for performing the new Diffie-Hellman exchange.
Select Group 2 for a compromise between network speed and network
security.
Select the life time unit. Select one of seconds, minutes, or hours.
Displays the IKE Phase 1 Exchange mode.
Type the life time value.
The range is 5 minutes to 8 hours.
VPN advanced configuration
Configuration Guide
173
Advertisement
Table of Contents
