Table of Contents
Advertisement
62
VPN configuration
Variable
Protocol
IP Sec Phase 2 Proposal table
Protocol
Encryption
Authentication
Preferred Forward Secrecy
NN47928-500
NN47928-500
Value
Select the traffic protocol for the source or destination address. Select one
of the following options:
•
Any
•
TCP
•
UDP
•
ICMPv4
•
AH
•
ESP
When you select a protocol and apply the IPSec policy, the policy is
applied on the selected protocol packets only. For example, if ICMPv4, is
selected, when you ping from one host to another, only ICMP packets are
encrypted or authenticated.
Select the authentication protocol. Select one of the following:
•
ESP - IPSec encrypts and authenticates.
•
AH - IPSec authenticates only.
Select the IPSec Encryption. Select one of the following options:
•
null – indicates no standard is used for IPsec encryption.
•
Data Encryption Standard (DES) – a standard for encrypting data that
uses a 64 bit key to encrypt data, but only 56 bits are used. This
standard is considered inadequate for data protection.
•
Triple Data Encryption Standard (3DES) – processes each block of
data using a different key each time, resulting in a significantly more
secure message.
•
Advanced Encryption Standard (AES128, AES192, AES256) – has a
fixed block size of 128 bits and a key size of 128, 192 or 256 bits. Due
to the fixed block size of 128 bits, AES operates on a 4x4 array of
bytes.
Select DES if you require network speed.
Select AES256 if you require strong network security.
Select the preferred authentication method. Select one of the following:
•
None - indicates that no authentication method is required.
•
HMAC-MAC5 - the message authentication code is calculated using
the MD5 cryptographic hash function. This cryptographic hash function
has some additional security properties with a 128-bit hash value,
which is commonly used to check the integrity of files.
•
HMAC-SHA1 - the message authentication code is calculated using
the SHA1 algorithm. This cryptographic hash function computes a
condensed digital representation to a high degree of probability.
Select the Preferred Forward Secrecy (PFS). Select one of the following
options:
•
None - IKE does not use any PFS.
•
PFS Group 1 - IKE uses a 768-bit Diffie-Hellman Prime modules group
for performing the new Diffie-Hellman exchange.
•
PFS Group 2 - IKE uses a 1024-bit Diffie-Hellman Prime modules
group for performing the new Diffie-Hellman exchange.
•
PFS Group 5 - IKE uses a 1536-bit Diffie-Hellman Prime modules
group for performing the new Diffie-Hellman exchange.
Advertisement
Table of Contents
