Table of Contents
Advertisement
Network and Security Manager Administration Guide
Creating Custom IKE Phase 2 Proposals
420
DSA Certificate.
Diffie-Hellman Group—The Diffie-Hellman group provides asymmetric encryption to
encrypt the keys needed to decrypt the data. The larger the modulus of the group, the
more secure the generated key is—and the more time it takes to generate the key.
Select the group that meets your security requirements and user needs:
Group 1. Uses a 768-bit modulus.
Group 2. Uses a 1024-bit modulus
Group 5. Uses a 1536-bit modulus.
Group 14. Uses a 2048–bit modulus.
Group 19. Uses a 256–bit modulus.
Group 20. Uses a 384–bit modulus.
Encryption Algorithm—Select the algorithm that meets your security requirements:
DES-CBC
3DES-CBC
AES-CBC (128 Bits)
AES-CBC (192 Bits)
AES-CBC (256 Bits)
NOTE: Security devices use hardware encryption for DES and 3DES and use software
encryption for AES.
Hash Algorithm—Select the algorithm that meets your security requirements.
MD5. Authenticate data using Message Digest version 5.
SHA-1. Authenticate data with Secure Hash Algorithm-1.
SHA-2. Authenticate data with Secure Hash Algorithm-2 (minimum 256 bit).
Lifetime—Enter the number of seconds before the key is regenerated. The default value
is 28800 seconds (8 hours).
Click OK to add the custom IKE object to the management system.
Create a custom proposals for a specific combination of authentication and encryption
that is not available in the predefined proposals, or to match the name of proposals on
a non-security device.
Perfect Forward Secrecy—PFS ensures that a single key permits access to data
protected by that single key. The key used to protect transmission of data and the
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
