Draytek Vigor2132 Series User Manual page 322

Vigor2132 Series User's Guide
authentication algorithm.

3DES without Authentication-Use triple DES
encryption algorithm and not apply any
authentication scheme.

3DES with Authentication-Use triple DES
encryption algorithm and apply MD5 or SHA-1
authentication algorithm.

AES without Authentication-Use AES
encryption algorithm and not apply any
authentication scheme.

AES with Authentication-Use AES encryption
algorithm and apply MD5 or SHA-1
authentication algorithm.
Advanced - Specify mode, proposal and key life of each
IKE phase, Gateway, etc.
The window of advance setup is shown as below:
IKE phase 1 mode -Select from Main mode and
Aggressive mode. The ultimate outcome is to exchange
security proposals to create a protected secure channel.
Main mode is more secure than Aggressive mode since
more exchanges are done in a secure channel to set up the
IPSec session. However, the Aggressive mode is faster. The
default value in Vigor router is Main mode.

IKE phase 1 proposal-To propose the local available
authentication schemes and encryption algorithms to
the VPN peers, and get its feedback to find a match.
Two combinations are available for Aggressive mode
and nine for Main mode. We suggest you select the
combination that covers the most schemes.

IKE phase 2 proposal-To propose the local available
algorithms to the VPN peers, and get its feedback to
find a match. Three combinations are available for
both modes. We suggest you select the combination
that covers the most algorithms.

IKE phase 1 key lifetime-For security reason, the
lifetime of key should be defined. The default value is
28800 seconds. You may specify a value in between
900 and 86400 seconds.

IKE phase 2 key lifetime-For security reason, the
lifetime of key should be defined. The default value is
3600 seconds. You may specify a value in between
600 and 86400 seconds.

Perfect Forward Secret (PFS)-The IKE Phase 1 key
will be reused to avoid the computation complexity in
314