Table of Contents
Advertisement
Mode
DH Group
IKE Life Duration
IKE Hash
IKE Encryption
You can select between Main and Aggressive
modes for the Phase 1 negotiation to establish a
VPN IPSec tunnel. In the Main mode, all
communication between the two endpoints of
an IPSec VPN tunn
el are encrypted. In
A
ggressive mode, there is no encryption in the
Phase 1 negotiation.
The DH algorithm allows the DFL-600 to
generate secret ke
ys for encryption for the
Phase 1 negotiation. Group 1 generates a 768-
bit key and Group 2 generates
The same DH Group must be used on both ends
of an IPSec VPN tunnel.
This is the duration (in seconds) the phase 1 key
after the tunnel is established. When this
duration has past, the tw
restart of the phase 1 negotiation to set up a new
phase 1 key. Phase 2 negotiation will also be
triggered to build a new tunnel.
This drop-down menu a
algorithm that will be used to ensure that the
messages exchanged between the tw
VPN tunnel endpoints has been received
exactly as it was sent. In other words, a Hash
algorithm is used to gene
by a mathematical operation using the entire
message. The resulting numb
message digest. The very sam
operation is performed when the m
received, and if there has been any change in
the message in transit, the resulting message
digest number will be different and the message
will be rejected. You can choose between MD5
− a 128-bit message digest, and SHA − which
generates a 160-bit message digest. You must
have exactly the same IKE Hash algorithm on
both ends of a VPN tunnel.
This drop-down menu allows you to select the
a 1024-bit key.
o peers will trigger a
llows you to select the
o IPSec
rate a binary number
er is called a
e mathematical
essage is
Advertisement
Table of Contents
