Table of Contents
Advertisement
18 VPN
292
Field
DH Group
Lifetime
Funkwerk Enterprise Communications GmbH
Description
developed by the NSA (United States National Security Asso-
ciation). It is rated as secure, but is slower than MD5. It is
used with a 96 bit digest length for IPSec.
•
: RipeMD 160 is a 160 bit hash algorithm. It is
used as a secure replacement for MD5 and RipeMD.
•
: Tiger 192 is a relatively new and very fast al-
gorithm.
Please note that the description of the encryption and authentic-
ation or the hash algorithms is based on the author's knowledge
and opinion at the time of creating this User Guide. In particular,
the quality of the algorithms is subject to relative aspects and
may change due to mathematical or cryptographic develop-
ments.
The Diffie-Hellman group defines the parameter set used as the
basis for the key calculation during phase 1. "MODP" as sup-
ported by bintec devices stands for "modular exponentiation".
Possible values:
•
: During the Diffie-Hellman key calculation, mod-
ular exponentiation at 768 bits is used to create the encryption
material.
•
: During the Diffie-Hellman key calculation,
modular exponentiation at 1024 bits is used to create the en-
cryption material.
•
: During the Diffie-Hellman key calculation,
modular exponentiation at 1536 bits is used to create the en-
cryption material.
Create a lifetime for phase 1 keys.
As for RFC 2407, the default value is eight hours, which means
the key must be renewed once eight hours have elapsed.
The following options are available for defining the lifetime:
Input in Seconds: Enter the lifetime for phase 1 key in seconds.
The value can be a whole number from 0 to 2147483647. The
default value is
.
Input in kBytes: Enter the lifetime for phase 1 keys as amount
R1xxx/R3xxx/R4xxx
Advertisement
Table of Contents
