Configure Ikev2 - Digi TransPort WR11 User Manual

Configuring Virtual Private Networking (VPN)

Configure IKEv2

When IKE Version 2 is supported, you can specify whether to use IKEv1 or IKEv2 protocol to negotiate
IKE SAs. The default is to use IKEv1. Routers the have been upgraded to support IKEv2 do not require
any changes to their configuration to continue working with IKEv1.
É
Web
1. Go to Configuration > Network > Virtual Private Networking (VPN) > IPsec > IKEv2 > IKEv2
n.
2. Configure the IKEv2 parameters:
Use the following settings for negotiation
The settings for the IKEv2 negotiation.
Encryption
The encryption algorithm. The options are None, DES, 3DES, AES (128 bit keys), AES (192 bit
keys), AES (256 bit keys).
Authentication
The authentication algorithm. The options are None, MD5, SHA1, SHA256.
PRF Algorithm
The PRF (Pseudo Random Function) algorithm. The options are MD5 and SHA1.
MODP Group for Phase 1
Sets the key length for the IKE Diffie-Hellman exchange to 768 bits (group 1) or 1024 bits
(group 2). Normally, this option is set to group 1 and this is sufficient for normal use. For
particularly sensitive applications, you can improve security by selecting group 2 to enable a
1024 bit key length. Note however that this will slow down the process of generating the
phase 1 session keys (typically from 1-2 seconds for group 1), to 4-5 seconds.
Renegotiate after h hrs m mins s secs
How long the initial IKEv2 Security Association will stay in force. When it expires any attempt to
send packets to the remote system will result in IKE attempting to establish a new SA.
Digi TransPort® Routers User Guide
Configure Internet Protocol security (IPsec)
511