File
8
VPNE-SERVER : INTERNET APPLICATIONS
Ed. 04 7/10Réf. 3EH 21000 BSAA
During negotiation,the initiator of the connection sends a list of proposals, i.e. combination of SA pa-
rameters it can accept. The responder then selects an acceptable proposal (if any) and tells the initiator
about this choice.
- Phase 1 SA parameters
The table below depicts the parameters being negotiated during phase 1 and the possibilities offered
by Alcatel OmniPCX Office.
Parameter Purpose Supported in Alcatel OmniPCX
Office
Encryption Algorithm Data confidentiality DES
3-DES
Hash function Data authentication + integrity SHA-1
MD5
Diffie-Helman Group Key computation Group 1 (Oakley MODP768
Group 2 (Oakley MODP1024
Group 5 (Oakley MODP1536
Authentication method IPsec peers authentication Pre-Shared secret (PSK)
RSA signature using "raw" public keys
SA lifetime Time before re-negotiation of
this SA
Maximum 8 hours
3DES
SHA
RSASig
DH Group 2
DES
MD5
Pre-shared
DH Group 1
Proposal
Choice 1 Choice 2
Selection
DES
MD5
Pre-shared
DH Group 1
IKE parameters
negotiation