Planet MH-4000 User Manual page 134

Multi-homing security gateway

Preshare Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long.
Encapsulation
ISAKMP Algorithm
ENC Algorithm: ESP Encryption Algorithm. ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. The available encryption algorithms include 56-bit DES-CBC, 168-bit Triple DES-CBC, AES 128-bit, AES 192-bit and AES 256-bit. The default algorithm is 56-bit DES-CBC.
AUTH Method: Authentication Method. Selects the MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication algorithm. In general, SHA-1 is more secure than MD5. The default algorithm is MD5.
Group: Selects Group 1 (768-bit modulus), Group 2 (1024-bit modulus) or Group 5 (1536-bit modulus). The larger the modulus, the more secure the generated key is. However, the larger the modulus, the longer the key generation process takes. Both sides of the VPN tunnel must agree to use the same group. The default is Group 1.
IPSec Algorithm: Select Data Encryption + Authentication or Authentication Only.
Data Encryption + Authentication
Encryption Algorithm: Selects the 56-bit DES-CBC, 168-bit Triple DES-CBC, AES or NULL encryption algorithm. The default algorithm is 56-bit DES-CBC.
Authentication Algorithm: Selects the MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication algorithm. In general, SHA-1 is more secure than MD5. The default algorithm is MD5.
Authentication Only
Perfect Forward Secrecy
IPSec Lifetime: New keys will be generated whenever the lifetime of the old keys is exceeded.
The Administrator may enable this feature if needed and enter the lifetime in seconds to re-key.
The default is 28800 seconds (eight hours). Selection of small values could lead to frequent
re-keying, which could affect performance.
Keep alive IP: Check to keep the connection with the Remote Client computer's IP address alive.
Aggressive mode: Select Aggressive mode algorithm.
GRE/IPSec: Select GRE/IPSec
Schedule: Select an item from the Schedule list to have the policy execute automatically at a certain time.
QoS: Select an item from the QoS list to have the policy execute automatically within a certain range. (Supported on MH-4000 only.)
Authentication-User: Select an item from the Authentication-User list to have the policy execute automatically at a certain time and within a certain range. (Supported on MH-4000 only.)
Show remote Network Neighborhood: Select to enable showing the remote Network Neighborhood.
(Generic Routing Encapsulation)
packet seal technology.
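
The algorithm options and factory defaults listed above (56-bit DES-CBC, MD5, Group 1), as an added example that is not part of the manual or the vendor's software: a Python check that fills unset fields with those defaults and reports every field below a policy floor. The field names, the dict layout and the floor itself (AES, SHA-1, Group 5) are assumptions.

```python
# Added example, not vendor code. Field names and dict layout are assumptions;
# option values and factory defaults are the ones this manual page lists.

# Options per field, ordered weakest to strongest.
OPTIONS = {
    "isakmp_enc":  ["DES", "3DES", "AES-128", "AES-192", "AES-256"],
    "isakmp_auth": ["MD5", "SHA-1"],
    "group":       [1, 2, 5],
    "ipsec_enc":   ["NULL", "DES", "3DES", "AES"],
    "ipsec_auth":  ["MD5", "SHA-1"],
}
# Factory defaults stated in the manual.
DEFAULTS = {"isakmp_enc": "DES", "isakmp_auth": "MD5", "group": 1,
            "ipsec_enc": "DES", "ipsec_auth": "MD5"}
# Assumed policy floor (not from the manual): AES, SHA-1, Group 5.
MINIMUM = {"isakmp_enc": "AES-128", "isakmp_auth": "SHA-1", "group": 5,
           "ipsec_enc": "AES", "ipsec_auth": "SHA-1"}

def effective(cfg):
    """Fill unset fields with factory defaults and reject unknown options."""
    merged = {**DEFAULTS, **cfg}
    for field, value in merged.items():
        if field not in OPTIONS or value not in OPTIONS[field]:
            raise ValueError(f"{field}={value!r} is not offered on this page")
    return merged

def audit(cfg):
    """Return {field: (chosen, minimum)} for every field below the policy floor."""
    findings = {}
    for field, chosen in effective(cfg).items():
        scale = OPTIONS[field]
        if scale.index(chosen) < scale.index(MINIMUM[field]):
            findings[field] = (chosen, MINIMUM[field])
    return findings

def peer_mismatches(local, remote):
    """Fields on which two endpoints differ. The manual requires the same group
    on both sides; comparing the rest assumes one proposal per side."""
    a, b = effective(local), effective(remote)
    return sorted(f for f in OPTIONS if a[f] != b[f])

# Constructed sample: site A hardened everything, site B changed only the ciphers.
SITE_A = {"isakmp_enc": "AES-256", "isakmp_auth": "SHA-1", "group": 5,
          "ipsec_enc": "AES", "ipsec_auth": "SHA-1"}
SITE_B = {"isakmp_enc": "AES-256", "ipsec_enc": "AES"}

if __name__ == "__main__":
    print(audit(SITE_B))
    print(peer_mismatches(SITE_A, SITE_B))
```

Site B shows the common failure: changing only the cipher leaves the hash and group at their defaults, so the tunnel is both below the floor and out of step with site A.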

This manual is also suitable for:

Mh-2000