method. 
•  Phase 1 Authentication
Authentication selects the method used to authenticate the data packets, to make sure they come from a trusted source. Either MD5 or SHA1 may be selected. Note that both sides (VPN endpoints) must use the same Authentication method.
•  MD5 - A one-way hashing algorithm that produces a 128-bit digest.
•  SHA1 - A one-way hashing algorithm that produces a 160-bit digest.
•  Phase 1 SA Life Time
This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The default value is 28,800 seconds.
•  Perfect Forward Secrecy
If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have this selected.
•  Phase 2 DH Group
There are three groups of different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You can choose a Group different from the Phase 1 DH Group you chose. If Perfect Forward Secrecy is disabled, there is no need to set up the Phase 2 DH Group, since no new key is generated and the key of Phase 2 will be the same as the key in Phase 1.
•  Phase 2 Encryption
Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are five methods of encryption: DES, 3DES, AES-128, AES-192 and AES-256. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption, 3DES is 168-bit encryption, AES-128 is 128-bit encryption, AES-192 is 192-bit encryption and AES-256 is 256-bit encryption. DES is faster than 3DES, but 3DES is more secure than DES. Both sides must use the same Encryption method. If the AH Hash Algorithm is enabled in Advanced, it is recommended for most users to select Null, which disables encryption/decryption of ESP packets in Phase 2; both sides of the tunnel must use the same setting.
•  Phase 2 Authentication
Authentication selects the method used to authenticate the data packets, to make sure they come from a trusted source. Either MD5 or SHA1 may be selected. Note that both sides (VPN endpoints) must use the same Authentication method.
•  MD5 - A one-way hashing algorithm that produces a 128-bit digest.
•  SHA1 - A one-way hashing algorithm that produces a 160-bit digest.
•  Phase 2 SA Life Time
This field allows you to configure the length of time a VPN tunnel is active in Phase 2. The default value is 3,600 seconds.
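
Several of the settings above must be identical on both VPN endpoints. The following check is an added example, not part of the original manual or the device firmware: it compares two endpoint configurations and lists the settings that disagree. The field names and the sample configurations are hypothetical, and the rule that the Phase 2 DH Group must agree when PFS is on is an assumption based on standard IKE behaviour.

```python
# Added example. Field names are hypothetical; they mirror the settings on this
# page and are not the router's own configuration format.
MUST_MATCH = ("p1_auth", "pfs", "p2_encryption", "p2_auth")  # "both sides must use the same"
DH_BITS = {1: 768, 2: 1024, 5: 1536}                          # group -> prime length in bits
ENC_BITS = {"DES": 56, "3DES": 168, "AES-128": 128,
            "AES-192": 192, "AES-256": 256, "Null": 0}


def check_tunnel(local, remote):
    """Compare two endpoint configurations and return a list of findings."""
    findings = []
    for field in MUST_MATCH:
        if local[field] != remote[field]:
            findings.append(f"MISMATCH {field}: {local[field]} vs {remote[field]}")
    for name, cfg in (("local", local), ("remote", remote)):
        if cfg["p2_encryption"] not in ENC_BITS:
            findings.append(f"INVALID {name} p2_encryption: {cfg['p2_encryption']}")
        if cfg["pfs"] and cfg["p2_dh_group"] not in DH_BITS:
            findings.append(f"INVALID {name} p2_dh_group: {cfg['p2_dh_group']}")
        if cfg["p2_encryption"] == "Null":
            findings.append(f"NOTE {name}: Null selected, ESP packets are not encrypted")
    if local["pfs"] and remote["pfs"]:
        # Assumption (standard IKE behaviour, not stated on the page):
        # the Phase 2 DH Group must agree when PFS is in use.
        if local["p2_dh_group"] != remote["p2_dh_group"]:
            findings.append(
                f"MISMATCH p2_dh_group: {local['p2_dh_group']} vs {remote['p2_dh_group']}")
    elif not local["pfs"] and not remote["pfs"]:
        # With PFS off, the page says no new key is generated in Phase 2.
        findings.append("NOTE PFS off: p2_dh_group is ignored, Phase 2 reuses the Phase 1 key")
    return findings


# Constructed sample configurations for two VPN endpoints.
SITE_A = {"p1_auth": "SHA1", "pfs": True, "p2_dh_group": 5,
          "p2_encryption": "AES-256", "p2_auth": "SHA1"}
SITE_B = {"p1_auth": "MD5", "pfs": True, "p2_dh_group": 2,
          "p2_encryption": "AES-256", "p2_auth": "SHA1"}

if __name__ == "__main__":
    for line in check_tunnel(SITE_A, SITE_B):
        print(line)
```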