43 VoIP Subscriber Gateways
My identifier type – identifier type of the device: address, fqdn, user_fqdn, asn1dn;
My identifier – device identifier used for identification during phase 1 (fill in if
required). The identifier format depends on the type.
Phase 1. During the first step (phase), the two hosts negotiate the identification
method, encryption algorithm, hash algorithm and Diffie-Hellman group. In
addition, they identify each other. The following settings are available for phase 1:
Pre-shared key;
Authentication algorithm – select an authentication algorithm from the list: MD5,
SHA1, SHA256, SHA384, SHA512;
Encryption algorithm – select an encryption algorithm from the list: DES, 3DES,
Blowfish, Cast128, AES;
Diffie-Hellman group – select a Diffie-Hellman group;
Phase 1 lifetime, sec – time after which the hosts re-identify each other and
compare policies (also known as the IKE SA lifetime). Default value is 24 hours (86400
seconds).
Phase 2. During the second step, key data is generated and the hosts negotiate the
policy to be used. This mode, also called 'quick mode', differs from phase 1 in
that it can be established only after the first step has completed, at which point
all phase 2 packets are encrypted.
Authentication algorithm – select an authentication algorithm from the list:
HMAC-MD5, HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512;
Encryption algorithm – select an encryption algorithm from the list: DES, 3DES,
Blowfish, Twofish, Cast128, AES;
Diffie-Hellman group – select a Diffie-Hellman group;
Phase 2 lifetime, sec – time after which the data encryption key is changed
(also known as the IPSec SA lifetime). Default value is 60 minutes (3600 seconds).
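The following added example (not part of the gateway's documentation or firmware) audits a set of phase 1 and phase 2 choices before they are entered into the device. The settings dictionary layout, the weak-algorithm classification, the use of standard IKE group numbers, the assumed asn1dn form and the rule that a lifetime should not exceed the documented default are all assumptions of this example.

```python
import ipaddress
import re

# Classifications are this example's assumptions, not statements from the manual.
WEAK_ENC = {"DES", "3DES", "Blowfish", "Cast128"}     # 56-bit key or 64-bit block
WEAK_AUTH = {"MD5", "SHA1", "HMAC-MD5", "HMAC-SHA1"}  # legacy hash functions
WEAK_DH = {1, 2}                                      # 768- and 1024-bit MODP groups
DEFAULT_LIFETIME = {"phase1": 86400, "phase2": 3600}  # defaults given in the manual
FQDN = r"([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}"

def identifier_ok(id_type, value):
    """Check that 'My identifier' has the format implied by 'My identifier type'."""
    if id_type == "address":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if id_type == "fqdn":
        return re.fullmatch(FQDN, value) is not None
    if id_type == "user_fqdn":
        user, sep, host = value.rpartition("@")
        return bool(user and sep) and re.fullmatch(FQDN, host) is not None
    if id_type == "asn1dn":  # assumed form: comma-separated ATTR=value pairs
        parts = [p.strip() for p in value.split(",")]
        return all(re.fullmatch(r"[A-Za-z]+=[^=,]+", p) for p in parts)
    return False

def audit(cfg):
    """Return a list of findings for a settings dict (hypothetical layout)."""
    findings = []
    if not identifier_ok(cfg["id_type"], cfg["identifier"]):
        findings.append("identifier does not match type " + cfg["id_type"])
    checks = (("encryption", WEAK_ENC), ("authentication", WEAK_AUTH), ("dh_group", WEAK_DH))
    for phase in ("phase1", "phase2"):
        p = cfg[phase]
        for key, weak in checks:
            if p[key] in weak:
                findings.append(f"{phase}: weak {key} {p[key]}")
        # Example policy: a lifetime must be positive and no longer than the default.
        if not 0 < p["lifetime"] <= DEFAULT_LIFETIME[phase]:
            findings.append(f"{phase}: lifetime {p['lifetime']} exceeds default")
    return findings

# Constructed sample settings, not taken from a real device.
SAMPLE = {"id_type": "fqdn", "identifier": "gw1.example.net",
          "phase1": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2, "lifetime": 86400},
          "phase2": {"encryption": "AES", "authentication": "HMAC-SHA256", "dh_group": 14, "lifetime": 7200}}
```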
When manual key exchange mode is activated, the following settings become available: