Table of Contents
Advertisement
4.4.3 VPN - Configure
66
Phase 2
Select which key size and encryption algorithm to use for data
Encryption
communications. Choices are:
Phase 2
Select which hash algorithm to use to authenticate packet data in
Authentication
the IKE SA. Choices are Null, SHA1 and MD5. SHA1 is generally
considered stronger than MD5, but it is also slower.
Phase 2 SA
Define the length of time before an IPSec SA automatically
Lifetime
renegotiates keys. It may range from 120 to 86400 seconds.
Show Advanced
Click this button to specify advanced parameters for the VPN. The
Settings
defaults are typically acceptable. Refer to
example.
Apply
Click to save all changes.
Key Management
Select Auto (IKE) or select Manual key configuration in order to set
up a VPN.
IKE Negotiation
Determines how the Security Association (SA) will be established for
Mode
each connection through IKE negotiations. The choices are:
Perfect Forward
Perfect Forward Secret (PFS) is Disabled by default in phase 2
Secrecy (PFS)
IPSec SA setup. This allows faster IPSec setup, but is not so
secure. Select DH1, DH2 or DH5 to enable PFS.
Phase 2 DH Group
After enabling PFS, you must select a DH Group.
Replay Detection
Select Enabled or Disabled for replay detection. As VPN setup is
processing intensive, the system can be vulnerable to Denial of
Service (DOS) attacks. The IPSec receiver can detect and reject old
or duplicate packets to protect against replay attacks.
DDW2600 Wireless & DDC2700 Commercial Cable Modem/Router Subscriber User Guide • May, 2010
Null – No data encryption in IPSec SA. Not suggested.
DES - a 56-bit key with the DES encryption algorithm.
3DES - a 168-bit key with the DES encryption algorithm, the
cable modem and the remote IPSec router must use the same
algorithms and key, which can be used to encrypt and decrypt
the message or to generate and verify a message
authentication code. Longer keys require more processing
power, resulting in increased latency and decreased throughput.
AES - Advanced Encryption Standard is a newer method of data
encryption that also uses a secret key. This implementation of
AES applies a 128-bit key to 128-bit blocks of data. AES is
faster than 3DES. Here you can have the choice AES-128,
AES-192, AES-256.
Main Mode, which ensures the highest level of security when
the communicating parties are negotiating authentication
(phase 1).
Aggressive Mode, which is quicker than Main Mode because it
eliminates several steps when the communicating parties are
negotiating authentication (phase 1).
Ubee Interactive
page 67
for a screen
Hide quick links:
Advertisement
Table of Contents
