Table of Contents
Advertisement
IPSec Settings
Pre-Shared Key
Phase 1DH Group
Phase 1 Encryption
Phase 1
Authentication
Phase 1 SA Lifetime
Configure the IPSec protocol related parameters.
Enter a key (Pre-Shared key) for authentication.
Select the Diffie-Hellman key group (DHx) you want to use for
encryption keys.
DH1: uses a 768-bit random number
DH2: uses a 1024-bit random number
DH5: uses a 1536-bit random number.
Select the key size and encryption algorithm to use for data
communications.
DES: a 56-bit key with the DES encryption algorithm
3DES: a 168-bit key with the DES encryption algorithm. Both
the Cable Modem/Router and the remote IPSec router must use
the same algorithms and key, which can be used to encrypt and
decrypt the message or to generate and verify a message
authentication code. Longer keys require more processing
power, resulting in increased latency and decreased
throughput.
AES: AES (Advanced Encryption Standard) is a newer method
of data encryption that also uses a secret key. This
implementation of AES applies a 128-bit key to 128-bit blocks of
data. AES is faster than 3DES. Here you have the choice of
AES-128, AES-192 and AES-256.
Select the hash algorithm used to authenticate packet data in
the IKE SA.
SHA1: generally considered stronger than MD5, but it is also
slower.
MD5 (Message Digest 5): produces a 128-bit digest to
authenticate packet data.
SHA1 (Secure Hash Algorithm): produces a 160-bit digest to
authenticate packet data.
In this field define the length of time before an IKE SA
automatically renegotiates. This value may range from 120 to
86400 seconds. A short SA lifetime increases security by
forcing the two VPN Cable Modem/Router's to update the
encryption and authentication keys. However, every time the
104
Hide quick links:
Advertisement
Table of Contents
