Pre-shared key to use to authenticate the remote IKE peer. You can enter up to 30
keyboard characters or hexadecimal values, such as My_@123 or 4d795f40313233.
Both ends of the VPN tunnel must use the same Pre-shared Key.
We recommend that you change the Pre-shared Key periodically to maximize VPN
security.
Pre-Shared Key
Phase 2 Options
Select a DH group (Group 2 or Group 5) from the drop-down list. DH is a key exchange
protocol, with two groups of different prime key lengths: Group 2 has up to 1,024 bits,
and Group 5 has up to 1,536 bits.
For faster speed and lower security, choose Group 2. For slower speed and higher
security, choose Group 5. Group 2 is selected by default.
This is enabled only when Perfect Forward secrecy is enabled under Phase I
Options.
Note
Diffie-Hellman (DH) Group
Select a protocol from the drop-down list.
•
ESP: Select ESP for data encryption and enter the encryption.
•
AH: Select this for data integrity in situations where data is not secret but must
be authenticated.
Protocol Selection
Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the
drop-down list. This method determines the algorithm used to encrypt or decrypt
ESP/ISAKMP packets.
Encryption
Select an authentication (MD5, SHA1 or SHA2-256).Authentication
Amount of time a VPN tunnel (IPSec SA) is active in this phase. The default value for
Phase 2 is 3600 seconds.
SA Lifetime (Sec)
Step 12
Click Next to see the summary of all configurations.
Step 13
Click Submit.
IPsec Profiles
The IPsec profiles contain information related to the algorithms such as encryption, authentication, and DH
group for Phase I and II negotiations in auto mode. These profiles also contain keys for corresponding
algorithms in case keying mode is manual. The IPsec profiles are referred in any of IPsec VPN records like
site-to-site, client-to-site, or Teleworker VPN client
RV345/345P Administration Guide
77
VPN
IPsec Profiles
To Next Page
Loading...
Need help?
General
