Diffie Hellman Groups Loaded lists the Diffie Hellman groups and Oakley group extensions that can be configured for both Phase 1 and Phase 2 negotiations.
Connection Details gives an overview of the tunnel's configuration. It contains the following information:

- An outline of the tunnel's network setup. In this example, it is 192.168.2.0/24===209.0.0.2(branch@office)...209.0.0.1===192.168.1.0/24
- Phase 1 and Phase 2 key lifetimes (ike_life and IPSec_life respectively). In this example, they are both 3600s.
- Type of automatic (IKE) keying. In this example, the policy line displays AGGRESSIVE. For Main mode, it displays MAIN.
- Type of authentication used. In this example, the policy line displays PSK (Preshared Key). For RSA Digital Signatures or x.509 certificates, it displays RSA.
- Whether Perfect Forward Secrecy is used. In this example, the policy line has the PFS keyword. If PFS is disabled, the keyword does not appear.
- Whether IP Payload Compression is used. In this example, the policy line does not have the COMPRESS keyword, since compression has not been enabled.
- The interface on which the tunnel goes out. In this example, the interface line has eth1, which is the Internet interface.
- The current Phase 1 key. This is the number that corresponds to the newest ISAKMP SA field. In this example, Phase 1 has not been successfully negotiated, so there is no key yet.
- The current Phase 2 key. This is the number that corresponds to the newest IPSec SA field. In this example, Phase 1 has not been successfully negotiated, so there is no key yet.
- The Phase 1 proposal wanted. The line IKE algorithms wanted reads 5_000-2-2. The 5_000 refers to the cipher 3DES (3DES has an id of 5; see Phase 1 Ciphers Loaded), the first 2 refers to the hash SHA (SHA has an id of 2; see Phase 1 Hashes Loaded) and the second 2 refers to Diffie Hellman Group 2 (which has an id of 2).
- The Phase 2 proposal wanted. The line ESP algorithms wanted reads 3_000-2; pfsgroup=2. The 3_000 refers to the cipher 3DES (3DES has an id of 3; see Phase 2 Ciphers Loaded), the 2 refers to the hash SHA1, also shown as SHA (SHA1 has an id of 2; see Phase 2 Hashes Loaded) and pfsgroup=2 refers to Diffie Hellman Group 2 for Perfect Forward Secrecy (Diffie Hellman Group 2 has an id of 2).
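The two "algorithms wanted" lines and the policy keywords described above can be decoded mechanically. The Python below is an added example, not part of this manual or of the SG300 firmware: it maps the ids this page lists back to their names, reads the policy keywords, and flags the two settings a reviewer checks first (PFS absent, Aggressive mode with a preshared key). The sample status block, the treatment of the _000 suffix as a key-length field, and the "+"-separated policy line are assumptions.

```python
import re
# Algorithm ids exactly as this page's Phase 1 / Phase 2 tables list them; any other id is reported as unknown.
IKE_CIPHERS, IKE_HASHES = {5: "3DES"}, {2: "SHA"}
ESP_CIPHERS, ESP_AUTHS = {3: "3DES"}, {2: "SHA1"}
DH_GROUPS = {2: "Diffie Hellman Group 2"}

def _decode(pattern, status, fields):
    """Match one 'wanted' line and map each numeric field through its id table (None = keep the number)."""
    m = re.search(pattern, status)
    if not m:
        return None
    return {key: (table.get(int(v), f"unknown id {v}") if table else int(v))
            for (key, table), v in zip(fields, m.groups())}

def parse_ike_wanted(status):
    """'IKE algorithms wanted: 5_000-2-2' reads cipher_keylen-hash-dhgroup (keylen is an assumption; 0 = default)."""
    return _decode(r"IKE algorithms wanted:\s*(\d+)_(\d+)-(\d+)-(\d+)", status,
                   [("cipher", IKE_CIPHERS), ("keylen", None), ("hash", IKE_HASHES), ("dh_group", DH_GROUPS)])

def parse_esp_wanted(status):
    """'ESP algorithms wanted: 3_000-2; pfsgroup=2' reads cipher_keylen-auth plus the PFS group."""
    return _decode(r"ESP algorithms wanted:\s*(\d+)_(\d+)-(\d+);\s*pfsgroup=(\d+)", status,
                   [("cipher", ESP_CIPHERS), ("keylen", None), ("auth", ESP_AUTHS), ("pfs_group", DH_GROUPS)])

def parse_policy(status):
    """Mode, authentication, PFS and COMPRESS keywords from the policy line, whatever the separator."""
    m = re.search(r"policy:\s*(.+)", status)
    if not m:
        return None
    words = set(re.split(r"[+;,\s]+", m.group(1).strip()))
    return {"mode": next((w for w in ("AGGRESSIVE", "MAIN") if w in words), "unknown"),
            "auth": next((w for w in ("PSK", "RSA") if w in words), "unknown"),
            "pfs": "PFS" in words, "compress": "COMPRESS" in words}

def review(status):
    """Settings a reviewer would flag: PFS off, or Aggressive mode with a preshared key."""
    p = parse_policy(status)
    if p is None:
        return ["no policy line found"]
    notes = [] if p["pfs"] else ["PFS keyword absent: Phase 2 keys derive from the Phase 1 secret"]
    if p["mode"] == "AGGRESSIVE" and p["auth"] == "PSK":
        notes.append("Aggressive mode with PSK: prefer Main mode")
    return notes

# Constructed sample modelled on the lines the manual describes (not captured from a device).
SAMPLE = """\
"branch": 192.168.2.0/24===209.0.0.2(branch@office)...209.0.0.1===192.168.1.0/24
"branch":   ike_life: 3600s; ipsec_life: 3600s; policy: PSK+ENCRYPT+TUNNEL+PFS+AGGRESSIVE
"branch":   IKE algorithms wanted: 5_000-2-2
"branch":   ESP algorithms wanted: 3_000-2; pfsgroup=2
"""
```

Calling review(SAMPLE) on the constructed block reports only the Aggressive-mode-with-PSK note, because the policy line carries the PFS keyword.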
Virtual Private Networking
232