Table of Contents
Advertisement
IKE Proposal
This section can be used to con gure the phase 1 settings:
Parameter
Negotiation mode
Encryption algorithm
Authentication algorithm
IKE Di e-Hellman Group The IKE Di e-Hellman Group
SA life time
Perfect Forward Secrecy
Pseudo-random function
IPsec Proposal
This section can be used to con gure the phase 2 settings:
Parameter
Encapsulation mode
IPsec protocol
Encryption algorithm
Authentication algorithm
SA life time
Perfect forward secrecy
(PFS)
Force encapsulation
NB3000-Line-Hd User Manual 4.2
IPsec IKE Proposal Settings
Choose the desired negotiation mode. Preferably, main mode
should be used but aggressive mode might be applicable
when dealing with dynamic endpoint addresses.
The desired IKE encryption method (we recommend AES256)
The desired IKE authentication method (we prefer SHA1 over
MD5)
The lifetime of Security Associations
Speci es whether Perfect Forward Secrecy (PFS) should be
used. This feature increases security as PFS avoids penetration
of the key-exchange protocol and prevents compromisation of
previous keys.
PRF algorithms that can optionally be used.
IPsec Proposal Settings
The desired encapsulation mode (Tunnel or Transport)
The desired IPsec protocol (AH or ESP)
The desired IKE encryption method (we recommend AES256)
The desired IKE authentication method (we prefer SHA1 over
MD5)
The lifetime of Security Associations
Speci es whether Perfect Forward Secrecy (PFS) should be
used. This feature increases security as PFS avoids penetration
of the key-exchange protocol and prevents compromisation of
previous keys.
Force UDP encapsulation for ESP packets even if no NAT situa-
tion is detected.
107
Advertisement
Table of Contents
Need help?
Do you have a question about the NB3000-Line-Hd and is the answer not in the manual?