Auto Ike Ipsec Key Exchange - Teltonika RUT100 HSDPA User Manual

4.7.3.2

Auto IKE IPsec Key exchange

Auto IPsec configuration uses the Internet Key Exchange (IKE) for automatically keying IPsec
connections.
IKE has two phases:
Phase one - SA for own communication (IKE-SA).
Phase two - IPSec SA establishment.
Note: IKE uses UDP port 500. Make sure that your firewall configuration does not block this port.
During phase one router IKE sends proposals for creating IKE-SA:
1. Hash Algorithm
2. Encryption Algorithm
3. Authentication Methods
4. Diffie-Hellman Group
If proposals do not match IPsec server configuration, then no tunnel will be crated. E.g.
Phase one
Router sent proposals configuration is hardcoded and can not be change. Phase one IKE-SA proposals
sent by the router are given below:
Phase one proposal 1
Pre-shared key authentication
Aggressive or main mode connection
AES encryption
SHA1 hash algorithm
dh_group 2
Phase one proposal 2
Pre-shared key authentication
Aggressive or main mode connection
3DES encryption
MD5 hash algorithm
dh_group 2
Phase two
During phase two router supports following configuration:
PFS group - modp1024 (1024-bit Diffie-Hellman prime modulus group)
Lifetime time 3600 sec
Encryption algorithm - aes,3des,des,blowfish
Authentication algorithm - hmac_sha1,hmac_md5
33 | P a g e