User's Manual
18. Appendix - Security

Table 18-3: SPD Table Configuration Parameters

Parameter Name                       Description

                                     The default value is 0 (this parameter is ignored).

The lifetime parameters (IPsecPolicyLifeInSec and IPSecPolicyLifeInKB) determine the duration an
SA is valid. When the lifetime of the SA expires, it is automatically renewed by performing the IKE
second phase negotiations. To avoid a situation where the SA expires, a new SA is negotiated
while the old one is still valid. As soon as the new SA is created, it replaces the old one.
This procedure occurs whenever an SA is about to expire.

First to Fourth Proposal             Determines the encryption type used in the quick mode
Encryption Type                      negotiation for up to four proposals.
[IPSecPolicyProposalEncryption_X]    X stands for the proposal number (0 to 3).
                                     The valid encryption values are:
                                       Not Defined (default)
                                       None [0] = No encryption
                                       DES-CBC [1]
                                       Triple DES-CBC [2]
                                       AES [3]

First to Fourth Proposal             Determines the authentication protocol used in the quick mode
Authentication Type                  negotiation for up to four proposals.
[IPSecPolicyProposal                 X stands for the proposal number (0 to 3).
Authentication_X]                    The valid authentication values are:
                                       Not Defined (default)
                                       HMAC-SHA-1-96 [2]
                                       HMAC-MD5-96 [4]

If no IPsec methods are defined (Encryption / Authentication), the default settings
(shown in the table below) are applied.

Table 18-4: Default IKE Second Phase Proposals

              Encryption    Authentication
Proposal 0    3DES          SHA1
Proposal 1    3DES          MD5
Proposal 2    DES           SHA1
Proposal 3    DES           MD5

18.1.3.2.1 Configure the SPD table using the ini file

The SPD table is configured using ini file tables (described in 'ini File Structure' on
page 65). Each line in the table refers to a different peer/traffic type combination.

Version 5.0
June 2006
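The following added example (not part of the manual and not vendor code) resolves which quick mode proposals apply for a given set of IPSecPolicyProposalEncryption_X / IPSecPolicyProposalAuthentication_X values, falling back to Table 18-4 when none are defined, and reports proposals that use no encryption, single DES or MD5. Assumptions: the values have already been read from the ini file into a dictionary, a missing key means Not Defined, the short names in Table 18-4 correspond to the Table 18-3 values as commented, and the list of flagged algorithms is this example's own audit policy.

```python
# Added example: value codes are from Table 18-3, defaults from Table 18-4.
ENCRYPTION = {0: "None", 1: "DES-CBC", 2: "Triple DES-CBC", 3: "AES"}
AUTHENTICATION = {2: "HMAC-SHA-1-96", 4: "HMAC-MD5-96"}
# Assumed mapping: 3DES = Triple DES-CBC, DES = DES-CBC, SHA1/MD5 = the HMAC forms.
DEFAULT_PROPOSALS = [
    (2, 2),  # Proposal 0: 3DES / SHA1
    (2, 4),  # Proposal 1: 3DES / MD5
    (1, 2),  # Proposal 2: DES / SHA1
    (1, 4),  # Proposal 3: DES / MD5
]
# Audit policy of this example (an assumption, not stated in the manual).
FLAGGED_ENCRYPTION = {0: "no confidentiality", 1: "single DES, 56-bit key"}
FLAGGED_AUTHENTICATION = {4: "MD5-based HMAC, deprecated"}


def effective_proposals(params):
    """Return [(index, enc_code, auth_code)]; a missing key means Not Defined.
    When no proposal defines anything, the Table 18-4 defaults are returned."""
    found = []
    for x in range(4):
        enc = params.get(f"IPSecPolicyProposalEncryption_{x}")
        auth = params.get(f"IPSecPolicyProposalAuthentication_{x}")
        if enc is not None or auth is not None:
            found.append((x, enc, auth))
    if not found:
        return [(x, e, a) for x, (e, a) in enumerate(DEFAULT_PROPOSALS)]
    return found


def audit(params):
    """Return one finding string per flagged or unknown value."""
    findings = []
    for x, enc, auth in effective_proposals(params):
        if enc is not None and enc not in ENCRYPTION:
            findings.append(f"proposal {x}: unknown encryption code {enc}")
        elif enc in FLAGGED_ENCRYPTION:
            findings.append(f"proposal {x}: {ENCRYPTION[enc]} ({FLAGGED_ENCRYPTION[enc]})")
        if auth is not None and auth not in AUTHENTICATION:
            findings.append(f"proposal {x}: unknown authentication code {auth}")
        elif auth in FLAGGED_AUTHENTICATION:
            findings.append(f"proposal {x}: {AUTHENTICATION[auth]} ({FLAGGED_AUTHENTICATION[auth]})")
    return findings


if __name__ == "__main__":
    # Constructed input: nothing defined, so the Table 18-4 defaults are audited.
    for line in audit({}):
        print(line)
```

Run against an empty configuration, the audit shows that leaving every proposal Not Defined still offers DES and MD5 in default proposals 1 to 3.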