SnapGear VPN appliance Family 1.7.8 User Manual page 92

Click Submit to add the new IPSec tunnel after selecting the appropriate Automatic
Startup, Authorization, Authentication, and Key Configuration.
Warning
The pre-shared secret must be entered identically at each end of the tunnel. The IPSec
tunnel will fail to connect if the pre-shared secret is not identical at both ends.
The pre-shared secret is a highly sensitive piece of information. It is essential to keep this
information secret. Communications over the IPSec tunnel may be compromised if this
information is divulged.
Aggressive mode phase 1 settings
IPSec combines a number of cryptographic techniques:

Technique: Description
Block ciphers: A symmetric cipher that operates on fixed-size blocks of plaintext, giving a block of ciphertext for each.
Hash functions: A complex operation that uses both a hashing algorithm (MD5 or SHA) and a key.
Diffie-Hellman: The Diffie-Hellman key agreement protocol allows two parties (A and B) to agree on a key in such a way that an eavesdropper who intercepts the entire conversation cannot learn the key. The protocol is based on the discrete logarithm problem and is considered to be secure.

Automatic keying provides a mechanism for regularly changing the cryptographic keys
used by the IPSec tunnel. This regular key change results in enhanced security; if a third
party gets one key, only the messages between the previous re-keying and the next are
exposed.
Key Lifetime is the time between consecutive re-keying events (i.e. the lifetime of a key).
Shorter values offer higher security at the expense of the computational overhead
required to calculate the new keys. SnapGear recommends a default value of 1 hour.
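The Diffie-Hellman agreement and the Key Lifetime exposure window described on this page, as an added example that is not taken from the SnapGear manual or firmware. It assumes a fresh Diffie-Hellman exchange at every re-keying event and uses a toy 127-bit group; all function names and the sample send times are constructed for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1.
# Real IPSec tunnels use standardised groups of 1024 bits and larger.
P = 2**127 - 1
G = 3
KEY_LIFETIME = 3600  # seconds; the 1 hour default the manual recommends


def dh_keypair():
    """Return (private exponent, public value) for one end of the tunnel."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(own_priv, peer_pub):
    """Hash the shared Diffie-Hellman value into a 256-bit session key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def rekey():
    """One re-keying event: both ends pick fresh exponents and agree on a key."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = session_key(a_priv, b_pub)  # only a_pub and b_pub cross the wire
    if key_a != session_key(b_priv, a_pub):
        raise RuntimeError("ends disagree on the key")
    return key_a


def key_epoch(timestamp, lifetime=KEY_LIFETIME):
    """Index of the key in use at `timestamp` (seconds since tunnel start)."""
    return timestamp // lifetime


def exposed_messages(timestamps, leaked_epoch, lifetime=KEY_LIFETIME):
    """Messages readable by someone holding only the key for `leaked_epoch`."""
    return [t for t in timestamps if key_epoch(t, lifetime) == leaked_epoch]


if __name__ == "__main__":
    keys = [rekey() for _ in range(3)]          # three hours of tunnel keys
    sent = [120, 1800, 3599, 3600, 5000, 7300]  # constructed send times (s)
    for epoch, key in enumerate(keys):
        print("epoch", epoch, "key", key.hex()[:16])
    print("exposed if the epoch-1 key leaks:", exposed_messages(sent, 1))
```

Halving the lifetime to 1800 seconds changes which messages share a key with the leaked one, at the cost of twice as many key exchanges.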
This manual is also suitable for:

Vpn appliance series