Phase 2
Phase 2 advanced options
262
Figure 131:Phase 2 advanced settings
P2 Proposal
Select the encryption and authentication algorithms that will be used to
change data into encrypted code.
Add or delete encryption and authentication algorithms as required. Select a
minimum of one and a maximum of three combinations. The remote peer
must be configured to use at least one of the proposals that you define.
You can select any of the following symmetric-key algorithms:
•
NULL-Do not use an encryption algorithm.
•
DES-Digital Encryption Standard, a 64-bit block algorithm that uses a 56-
bit key.
•
3DES-Triple-DES, in which plain text is encrypted three times by three
keys.
•
AES128-A 128-bit block algorithm that uses a 128-bit key.
•
AES192-A 128-bit block algorithm that uses a 192-bit key.
•
AES256-A 128-bit block algorithm that uses a 256-bit key.
You can select either of the following message digests to check the
authenticity of messages during an encrypted session:
•
NULL-Do not use a message digest.
•
MD5-Message Digest 5, the hash algorithm developed by RSA Data
Security.
•
SHA1-Secure Hash Algorithm 1, which produces a 160-bit message
digest.
To specify one combination only, set the Encryption and Authentication
options of the second combination to NULL. To specify a third combination,
use the add button beside the fields for the second combination.
01-28008-0013-20050204
VPN
Fortinet Inc.