Extreme Networks Summit WM3000 Series Reference Manual page 371

Hash Value
Authentication Type
SA Lifetime (sec.)
DH Group
NOTE
192-bit AES and 256-bit AES are not supported for manual IPSec sa configurations.
4 Highlight an existing policy and click the Edit button to revise the policy's existing encryption
scheme, hash value, authentication type, SA lifetime and DH group.
The sequence number cannot be revised.
5 Select an existing policy and click the Delete button to remove it from the table.
Summit WM3000 Series Controller System Reference Guide
Displays the hash algorithm used to ensure data integrity. The hash value
validates a packet comes from its intended destination, and has not been
modified in transit. Options include:
• SHA1 - The default value.
MD5
• - MD5 has a smaller digest and is somewhat faster than SHA-1.
Displays the authentication scheme used to validate the identity of each
peer. Pre-shared keys do not scale accurately with a growing network but
are easier to maintain in a small network. Options include:
• Pre-shared Key - Uses pre-shared keys.
RSA Signature
• - Uses a digital certificate with keys generated by the
RSA signatures algorithm.
Displays an integer for the SA lifetime. The default is 60 seconds. With
longer lifetimes, security defines future IPSec security associations
quickly. Encryption strength is great enough to ensure security without
using fast rekey times. Extreme Networks recommends using the default
value.
Diffie-Hellman
Displays the
defined value to derive a shared secret without transmitting it to one
another.
(DH) group identifier. IPSec peers use the
371