IPsec parameters
Digi TransPort User Guide 434
IKEv2 parameters
When IKE Version 2 is supported, it is possible to specify whether the IKEv1 or IKEv2 protocol
should be used to negotiate IKE SAs. By default, IKEv1 is used. Routers which have been
upgraded to support IKEv2 will not require any changes to their configuration to continue
working with IKEv1.
Use the following settings for negotiation
The settings used during the IKEv2 negotiation.
Encryption
The encryption algorithm used. The options are:
• None
• DES
• 3DES
• AES (128 bit keys)
• AES (192 bit keys)
• AES (256 bit keys)
Authentication
The authentication algorithm used. The options are:
• None
• MD5
• SHA1
PRF Algorithm
The PRF (Pseudo Random Function) algorithm used. The options are:
• MD5
• SHA1
MODP Group for Phase 1
Sets the key length used in the IKE Diffie-Hellman exchange to 768 bits (group 1) or 1024 bits
(group 2). Normally, this option is set to group 1 and this is sufficient for normal use. For
particularly sensitive applications, you can improve security by selecting group 2 to enable a
1024 bit key length. Note, however, that this slows down the generation of the phase 1
session keys, typically from 1-2 seconds for group 1 to 4-5 seconds for group 2.
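
The following is an added example, not part of the Digi guide or Digi's software: it rates a set of choices for the four settings above against the requirement levels that RFC 8247 assigns to the corresponding IKEv2 algorithms and takes the worst field as the overall rating. The function names, the sample proposals and the REJECT level (used for "None" and for missing or unknown values) are assumptions of this example.

```python
"""Rate an IKEv2 proposal (option labels from this page) against RFC 8247."""

# Requirement levels, best to worst. "REJECT" is this example's own level for
# "None" and for missing or unknown labels; it is not an RFC 8247 term.
LEVELS = ["MUST", "MUST-", "MAY", "SHOULD NOT", "MUST NOT", "REJECT"]

# RFC 8247 level for each option this page offers.
POLICY = {
    "Encryption": {
        "None": "REJECT", "DES": "MUST NOT", "3DES": "MAY",
        "AES (128 bit keys)": "MUST", "AES (192 bit keys)": "MAY",
        "AES (256 bit keys)": "MUST",
    },
    "Authentication": {"None": "REJECT", "MD5": "MUST NOT", "SHA1": "MUST-"},
    "PRF Algorithm": {"MD5": "MUST NOT", "SHA1": "MUST-"},
    "MODP Group for Phase 1": {"1": "MUST NOT", "2": "SHOULD NOT"},
}

def audit(settings):
    """Return (worst_level, findings) for a dict of setting -> chosen option."""
    findings = []
    for field, options in POLICY.items():
        raw = settings.get(field)
        # Normalise whitespace so "AES  (256 bit keys)" still matches.
        choice = " ".join(str(raw).split()) if raw is not None else None
        level = options.get(choice, "REJECT")  # missing/unknown fails closed
        findings.append((field, choice, level))
    worst = max((lvl for _, _, lvl in findings), key=LEVELS.index)
    return worst, findings

def acceptable(settings, floor="MUST-"):
    """True only if every field rates at or better than `floor`."""
    worst, _ = audit(settings)
    return LEVELS.index(worst) <= LEVELS.index(floor)

# Constructed sample proposals, not taken from a real router.
WEAK = {"Encryption": "DES", "Authentication": "MD5",
        "PRF Algorithm": "MD5", "MODP Group for Phase 1": 1}
STRONGEST_ON_PAGE = {"Encryption": "AES (256 bit keys)", "Authentication": "SHA1",
                     "PRF Algorithm": "SHA1", "MODP Group for Phase 1": 2}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strongest on page", STRONGEST_ON_PAGE)):
        worst, findings = audit(cfg)
        print(f"{name}: overall {worst}")
        for field, choice, level in findings:
            print(f"  {field:24} {choice!s:20} {level}")
```

Even the strongest combination selectable from the options listed here rates SHOULD NOT overall, because both MODP groups offered (768 and 1024 bit) are below the 2048-bit group that RFC 8247 requires.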