Click Submit to add the new IPSec tunnel after selecting the appropriate Automatic
Startup, Authorization, Authentication, and Key Configuration.
Warning
The pre-shared secret must be entered identically at each end of the tunnel. The IPSec
tunnel will fail to connect if the pre-shared secret is not identical at both ends.
The pre-shared secret is a highly sensitive piece of information. It is essential to keep this
information secret. Communications over the IPSec tunnel may be compromised if this
information is divulged.
Aggressive mode phase 1 settings
IPSec combines a number of cryptographic techniques:
Technique        Description
Block ciphers    A symmetric cipher that operates on fixed-size blocks of
                 plaintext, giving a block of ciphertext for each.
Hash functions   A complex operation that uses both a hashing algorithm
                 (MD5 or SHA) and a key.
Diffie-Hellman   The Diffie-Hellman key agreement protocol allows two
                 parties (A and B) to agree on a key in such a way that an
                 eavesdropper who intercepts the entire conversation cannot
                 learn the key. The protocol is based on the discrete
                 logarithm problem and is considered to be secure.

Automatic keying provides a mechanism for regularly changing the cryptographic keys
used by the IPSec tunnel. This regular key change results in enhanced security; if a third
party gets one key, only the messages between the previous re-keying and the next are
exposed.

Key Lifetime is the time between consecutive re-keying events (i.e. the lifetime of a key).
Shorter values offer higher security at the expense of the computational overhead
required to calculate the new keys. SnapGear recommends a default value of 1 hour.
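The sketch below is an added example, not SnapGear's code. It is a simplified model patterned on IKEv1 pre-shared-key derivation (RFC 2409) that ties together the pre-shared secret warning, the keyed hash, Diffie-Hellman and automatic keying. The toy group, the HMAC-SHA1 choice, the function names and the sample secret are assumptions; cookies, SA and identity payloads are omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, an assumption for this example: the Mersenne prime
# 2**127 - 1 keeps values short. Real IPSec groups are 1024 bits or larger.
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """Keyed hash (HMAC-SHA1): a hashing algorithm combined with a key."""
    return hmac.new(key, data, hashlib.sha1).digest()

def to_bytes(n: int) -> bytes:
    return n.to_bytes(16, "big")

def negotiate(psk_initiator: bytes, psk_responder: bytes):
    """One simplified phase 1 exchange; returns (authenticated, key_i, key_r)."""
    # Private exponents stay on each device; only gxi, gxr and nonces are sent.
    xi = secrets.randbelow(P - 3) + 2
    xr = secrets.randbelow(P - 3) + 2
    gxi, gxr = pow(G, xi, P), pow(G, xr, P)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)

    # Each end mixes its own copy of the pre-shared secret with both nonces.
    skeyid_i = prf(psk_initiator, ni + nr)
    skeyid_r = prf(psk_responder, ni + nr)

    # The initiator sends a proof; the responder recomputes it and compares.
    exchanged = to_bytes(gxi) + to_bytes(gxr)
    authenticated = hmac.compare_digest(prf(skeyid_i, exchanged),
                                        prf(skeyid_r, exchanged))

    # Both ends reach the same g^xy, which never crosses the wire.
    shared_i, shared_r = pow(gxr, xi, P), pow(gxi, xr, P)
    key_i = prf(skeyid_i, to_bytes(shared_i) + b"\x00")
    key_r = prf(skeyid_r, to_bytes(shared_r) + b"\x00")
    return authenticated, key_i, key_r

if __name__ == "__main__":
    secret = b"constructed-example-secret"  # constructed sample value
    print("matching secrets:  ", negotiate(secret, secret)[0])
    print("mismatched secrets:", negotiate(secret, secret + b"!")[0])
    first, second = negotiate(secret, secret), negotiate(secret, secret)
    print("re-keying changes the key:", first[1] != second[1])
```

A one-character difference in the secret makes the proof comparison fail and leaves the two ends with different keys, while each fresh negotiation with the same secret produces a new key, which is what limits exposure to a single key lifetime.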