Item Description
Encryption Algorithm
Select the encryption algorithm to be used in IKE negotiation. Options include:
• DES-CBC—Uses the DES algorithm in CBC mode and 56-bit key.
• 3DES-CBC—Uses the 3DES algorithm in CBC mode and 168-bit key.
• AES-128—Uses the AES algorithm in CBC mode and 128-bit key.
• AES-192—Uses the AES algorithm in CBC mode and 192-bit key.
• AES-256—Uses the AES algorithm in CBC mode and 256-bit key.
DH
Select the DH group to be used in key negotiation phase 1. Options include:
• Diffie-Hellman Group1—Uses the 768-bit Diffie-Hellman group.
• Diffie-Hellman Group2—Uses the 1024-bit Diffie-Hellman group.
• Diffie-Hellman Group5—Uses the 1536-bit Diffie-Hellman group.
• Diffie-Hellman Group14—Uses the 2048-bit Diffie-Hellman group.
SA Lifetime
Enter the ISAKMP SA lifetime in IKE negotiation.
Before an SA expires, IKE negotiates a new SA. As soon as the new SA is set up, it
takes effect immediately and the old one will be cleared automatically when it expires.
IMPORTANT:
Before an ISAKMP SA expires, IKE negotiates a new SA to replace it. DH calculation in
IKE negotiation takes time, especially on low-end devices. Set the lifetime greater than 10
minutes to prevent the SA update from influencing normal communication.
Phase 2
Security Protocol
Select the security protocols to be used. Options include:
• ESP—Uses the ESP protocol.
• AH—Uses the AH protocol.
• AH-ESP—Uses ESP first and then AH.
AH Authentication Algorithm
Select the authentication algorithm for AH when you select AH or AH-ESP for Security
Protocol.
Available authentication algorithms include MD5 and SHA1.
ESP Authentication Algorithm
Select the authentication algorithm for ESP when you select ESP or AH-ESP for Security
Protocol.
You can select MD5 or SHA1, or select NULL so that ESP performs no authentication.
IMPORTANT:
The ESP authentication algorithm and the ESP encryption algorithm cannot both be NULL.
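
An added example, not taken from the manual: a Python check that validates a proposal against the options and the two IMPORTANT constraints in the table above, and warns on the weaker choices. The dict keys, the seconds unit for the lifetime, the `esp_encryption` values and the 2048-bit DH floor are assumptions of this example.

```python
ENC_KEY_BITS = {"DES-CBC": 56, "3DES-CBC": 168, "AES-128": 128,
                "AES-192": 192, "AES-256": 256}      # key sizes from the table
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}  # group sizes from the table
MIN_DH_BITS = 2048     # assumption of this example, not a value from the manual
MIN_LIFETIME_S = 600   # the table's "greater than 10 minutes", in seconds

def audit(p):
    """Return (errors, warnings) for a proposal given as a dict."""
    errors, warnings = [], []
    enc, dh, proto = p.get("ike_encryption"), p.get("dh_group"), p.get("protocol")
    if enc not in ENC_KEY_BITS:
        errors.append(f"unknown IKE encryption algorithm: {enc!r}")
    elif ENC_KEY_BITS[enc] == 56:
        warnings.append("DES-CBC has a 56-bit key")
    if dh not in DH_GROUP_BITS:
        errors.append(f"unknown DH group: {dh!r}")
    elif DH_GROUP_BITS[dh] < MIN_DH_BITS:
        warnings.append(f"DH group {dh} is only {DH_GROUP_BITS[dh]} bits")
    if p.get("sa_lifetime_s", 0) <= MIN_LIFETIME_S:
        warnings.append("ISAKMP SA lifetime is not greater than 10 minutes")
    if proto not in ("ESP", "AH", "AH-ESP"):
        errors.append(f"unknown security protocol: {proto!r}")
        return errors, warnings
    if "AH" in proto:       # AH or AH-ESP: an AH authentication algorithm is required
        ah = p.get("ah_auth")
        if ah not in ("MD5", "SHA1"):
            errors.append(f"AH needs MD5 or SHA1, got {ah!r}")
        elif ah == "MD5":
            warnings.append("AH uses MD5")
    if "ESP" in proto:      # ESP or AH-ESP: ESP auth may be NULL, but not with NULL encryption
        auth, esp_enc = p.get("esp_auth"), p.get("esp_encryption")
        if auth not in ("MD5", "SHA1", "NULL"):
            errors.append(f"ESP auth must be MD5, SHA1 or NULL, got {auth!r}")
        elif auth == "NULL" and esp_enc in (None, "NULL"):
            errors.append("ESP authentication and encryption are both NULL")
        elif auth == "NULL" and proto == "ESP":
            warnings.append("ESP alone with NULL authentication is unauthenticated")
        elif auth == "MD5":
            warnings.append("ESP uses MD5")
    return errors, warnings

# Constructed sample proposals (the esp_encryption values are placeholders)
WEAK = {"ike_encryption": "DES-CBC", "dh_group": 1, "sa_lifetime_s": 300,
        "protocol": "ESP", "esp_auth": "NULL", "esp_encryption": "NULL"}
STRONG = {"ike_encryption": "AES-256", "dh_group": 14, "sa_lifetime_s": 86400,
          "protocol": "ESP", "esp_auth": "SHA1", "esp_encryption": "AES-128"}
```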