Ubee EVW32C Subscriber User Manual page 79

Ubee Interactive
Label
Remote address
IPsec settings
Pre-shared key
Phase 1 DH group
Phase 1
encryption
Phase 1
authentication
Phase 1 SA
lifetime
Phase 2
encryption
Phase 2
authentication
Phase 2 SA
lifetime
Advanced Settings
Ubee EVW32C Advanced Wireless Voice Gateway Subscriber User Manual • March 2017
Identifies the specific remote IPsec VPN gateway to which your device will initiate the IPsec
VPN connection:

Use the IP address value when an IP address is the Network Address Type.

Use the FQDN if FQDN is selected.
Defines your pre-shared key. A pre-shared key identifies a communicating party during a phase
1 IKE negotiation. It is called "pre-shared" because you have to share it with the other party
before you can communicate with them over a secure connection.
Defines which Diffie-Hellman key group (DHx) you want to use for encryption keys:

DH1 – a 768-bit random number (default setting)

DH2 – a 1024-bit random number

DH5 – a 1536-bit random number
Defines which key size and encryption algorithm to use for data communications:

DES – a 56-bit key with the DES encryption algorithm (default setting).

3DES – a 168-bit key with the DES encryption algorithm. The EVW32C and the remote
IPsec router must use the same algorithms and key, used to encrypt and decrypt the
messages or to generate and verify a message authentication code. Longer keys require
more processing power, resulting in increased latency and decreased throughput.

AES – the Advanced Encryption Standard method of data encryption also uses a secret
key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is
faster than 3DES. You can choose AES-128, AES-192, AES-256.
Defines which hash algorithm to use to authenticate packet data in the IKE SA.

MD5 (message digest 5) produces a 128-bit digest to authenticate packet data (default
setting).

SHA1 (secure hash algorithm) produces a 160-bit digest to authenticate packet data. SHA1
is generally considered stronger than MD5, but it is also slower.
Defines the length of time (from 120 to 86400 seconds) before an IKE SA process renegotiates
a key. A short SA lifetime increases security by forcing the two VPN gateways to update the
encryption and authentication keys. However, every time the VPN tunnel renegotiates the keys,
remote users are temporarily disconnected.
Defines the key size and encryption algorithm to use for data communications:

DES – A 56-bit key with the DES encryption algorithm (default setting).

3DES – A 168-bit key with the DES encryption algorithm device and the remote IPsec
router must use the same algorithms and key, which can be used to encrypt and decrypt
the message or to generate and verify a message authentication code. Longer keys require
more processing power, resulting in increased latency and decreased throughput.

AES – The advanced encryption standard method of data encryption also uses a secret
key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is
faster than 3DES. You can choose AES-128, AES-192, AES-256.
Defines the hash algorithm to use to authenticate packet data in the IKE SA. Choices are SHA1
and MD5 (default setting). SHA1 is generally considered stronger than MD5, but it is also
slower.
Defines the length of time (from 120 to 86400 seconds) before an IPsec SA process
renegotiates keys.
Description
Using the VPN Option
74