Table of Contents
Advertisement
Network and Security Manager Administration Guide
Creating Custom IKE Phase 2 Proposals
430
Group 19. Uses a 256–bit modulus.
Group 20. Uses a 384–bit modulus.
Encryption Algorithm—Select the algorithm that meets your security requirements:
DES-CBC
3DES-CBC
AES-CBC (128 Bits)
AES-CBC (192 Bits)
AES-CBC (256 Bits)
NOTE: Security devices use hardware encryption for DES and 3DES and
use software encryption for AES.
Hash Algorithm—Select the algorithm that meets your security requirements.
MD5. Authenticate data using Message Digest version 5.
SHA-1. Authenticate data with Secure Hash Algorithm-1.
SHA-2. Authenticate data with Secure Hash Algorithm-2 (minimum 256 bit).
Lifetime—Enter the number of seconds before the key is regenerated. The default value
is 28800 seconds (8 hours).
Click OK to add the custom IKE object to the management system.
Create a custom proposals for a specific combination of authentication and encryption
that is not available in the predefined proposals, or to match the name of proposals on
a non-security device.
Perfect Forward Secrecy—PFS ensures that a single key permits access to data
protected by that single key. The key used to protect transmission of data and the
material used to create that key are used only once and are not used to derive additional
keys. Select the DH group to encrypt the key:
No Perfect Forward Secrecy.
Diffie-Hellman Group 1.
Diffie-Hellman Group 2.
Diffie-Hellman Group 3.
Diffie-Hellman Group 14.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
