Table of Contents
Advertisement
48
Phase 1 encryption
Phase 1 authentication
Phase 1 SA lifetime
Phase 2 encryption
DDW2600/DDC2700
DH1 - use a 768-bit random number
DH2 - use a 1024-bit random number
DH5 – user a 1536-bit random number
Select which key size and encryption algorithm to use for
data communications. Choices are:
DES - a 56-bit key with the DES encryption algorithm
3DES - a 168-bit key with the DES encryption algorithm
wireless router and the remote IPSec router must use the
same algorithms and key , which can be used to encrypt
and decrypt the message or to generate and verify a
message authentication code. Longer keys require more
processing power, resulting in increased latency and
decreased throughput.
AES - Advanced Encryption Standard is a newer method of
data encryption that also uses a secret key. This
implementation of AES applies a 128-bit key to 128-bit
blocks of data. AES is faster than 3DES. Here you can have
the choice AES-128, AES-192, AES-256
Select which hash algorithm to use to authenticate packet
data in the IKE SA. Choices are SHA1 and MD5. SHA1 is
generally considered stronger than MD5, but it is also
slower.
MD5 (Message Digest 5) produces a 128-bit digest to
authenticate packet data.
SHA1 (Secure Hash Algorithm) produces a 160-bit digest to
authenticate packet data.
Define the length of time before an IKE SA automatically
renegotiates in this field. It may range from 120 to 86400
seconds. A short SA Life Time increases security by forcing
the two VPN gateways to update the encryption and
authentication keys. However, every time the VPN tunnel
renegotiates, all users accessing remote resources are
temporarily disconnected.
Select which key size and encryption algorithm to use for
Web User Interface
Hide quick links:
Advertisement
Table of Contents
