Lantronix SLC 8000 User Manual page 83

IKE v2
IKE Encryption
Authentication (IKE)
DH Group (IKE)
ESP Encryption
Authentication (ESP)
DH Group (ESP)
Authentication
RSA Public Key for
Remote Host
Pre-Shared Key
Retype Pre-Shared Key
SLC™ 8000 Advanced Console Manager User Guide
IKE version 2 settings to be used. Currently the accepted values are Permit,
(the default) signifying no IKEv2 should be transmitted, but will be accepted
if the other ends initiates to us with IKEv2; Never signifying no IKEv2
negotiation should be transmitted or accepted; Propose signifying that the
SLC will permit IKEv2, and also use it as the default to initiate; Insist,
signifying that the SLC only accept and receive IKEv2 and IKEv1
negotiations will be rejected.
If the IKEv2 setting is set to Permit or Propose, the SLC will try and detect a
"bid down" attack from IKEv2 to IKEv1. Since there is no standard for
transmitting the IKEv2 capability with IKEv1, the SLC uses a special Vendor
ID "CAN-IKEv2". If a fall back from IKEv2 to IKEv1 was detected, and the
IKEv1 negotiation contains Vendor ID "CAN-IKEv2", the SLC will
immediately attempt an IKEv2 rekey and refuse to use the IKEv1
connection. With an IKEv2 setting of Insist, no IKEv1 negotiation is allowed,
and no bid down attack is possible.
The type of encryption, 3DES, AES, SHA2_256 or SHA2_512 used for IKE
negotiation. Any can be selected if the two sides can negotiate which type
of encryption to use.
The type of authentication, SHA1 or MD5, used for IKE negotiation. Any
can be selected if the two sides can negotiate which type of authentication
to use.
The Diffie-Hellman Group, 2, 5, 14 or 15 used for IKE negotiation. Any can
be selected if the two sides can negotiate which Diffie-Hellman Group to
use.
The type of encryption, 3DES or AES, used for encrypting the data sent
through the tunnel. Any can be selected if the two sides can negotiate
which type of encryption to use.
The type of authentication, SHA1, MD5, or SHA2_512 used for
authenticating data sent through the tunnel. Any can be selected if the two
sides can negotiate which type of authentication to use.
The Diffie-Hellman Group, 2, 5, 14 or 15, used for the key exchange for data
sent through the tunnel. Any can be selected if the two sides can negotiate
which Diffie-Hellman Group to use.
The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host.
For RSA Public Key, each host generates a RSA public-private key pair,

and shares its public key with the remote host. The RSA Public Key for
the SLC 8000 advanced console manager (which has 2192 bits) can be
viewed at either the web or CLI.
For Pre-Shared Key, each host enters the same passphrase to be used

for authentication.
For X.509 Certificate, each host is configured with a Certificate Authority

certificate along with a X.509 certificate with a corresponding private key,
and shares the X.509 certificate with the remote host.
If RSA Public Key is selected for authentication, enter the public key for the
remote host.
If Pre-Shared Key is selected for authentication, enter the key.
If Pre-Shared Key is selected for authentication, re-enter the key.
6: Basic Parameters
83