Digi TransPort User Manual page 260

Authentication
This parameter defines the authentication algorithm used. The options are:
• None
• MD5
• SHA1
PRF Algorithm
This parameter defines the PRF (Pseudo Random Function) algorithm used. The options are:
• MD5
• SHA1
MODP Group for Phase 1
This parameter sets the key length used in the IKE Diffie-Hellman exchange to768 bits (group
1) or 1024 bits (group 2). Normally this option is set to group 1 and this is sufficient for normal
use. For particularly sensitive applications, you can improve security by selecting group 2 to
enable a 1024 bit key length. Note however that this will slow down the process of generating
the phase 1 session keys (typically from 1-2 seconds for group 1), to 4-5 seconds.
Renegotiate after h hrs m mins s secs
This parameter determines how long the initial IKEv2 Security Association will stay in force.
When it expires any attempt to send packets to the remote system will result in IKE attempting
to establish a new SA.
Rekey after h hrs m mins s secs
When the time left until expiry for this SA reaches the value specified by this parameter, the
IKEv2 SA will be renegotiated, such as a new IKEv2 SA is negotiated and the old SA is removed.
Any IPSec "child" SAs that were created are retained and become "children" of the new SA.
Related CLI commands
Entity
ike2
ike2
ike2
ike2
ike2
Digi TransPort User Guide
Instance Parameter
n iencalg
n ienkeybits
n iauthalg
n iprfalg
n idhgroup
Values Equivalent Web Parameter
des, 3des, Encryption
aes
128, 192, 256 Encryption (AES Key length)
md5, sha1 Authentication
md5, sha1 PRF Algorithm
1, 2, 5 MODP Group for Phase 1
IPsec parameters
260