Item Description
Encryption Algorithm
Select the encryption algorithm to be used in IKE negotiation. Options include:
• DES-CBC—Uses the DES algorithm in CBC mode and 56-bit key.
• 3DES-CBC—Uses the 3DES algorithm in CBC mode and 168-bit key.
• AES-128—Uses the AES algorithm in CBC mode and 128-bit key.
• AES-192—Uses the AES algorithm in CBC mode and 192-bit key.
• AES-256—Uses the AES algorithm in CBC mode and 256-bit key.
DH
Select the DH group to be used in key negotiation phase 1. Options include:
• Diffie-Hellman Group1—Uses the 768-bit Diffie-Hellman group.
• Diffie-Hellman Group2—Uses the 1024-bit Diffie-Hellman group.
• Diffie-Hellman Group5—Uses the 1536-bit Diffie-Hellman group.
• Diffie-Hellman Group14—Uses the 2048-bit Diffie-Hellman group.
SA Lifetime
Enter the ISAKMP SA lifetime in IKE negotiation.
Before an SA expires, IKE negotiates a new SA. As soon as the new SA is set up, it
takes effect immediately and the old one will be cleared automatically when it
expires.
IMPORTANT:
Before an ISAKMP SA expires, IKE negotiates a new SA to replace it. DH
calculation in IKE negotiation takes time, especially on low-end devices. Set the
lifetime greater than 10 minutes to prevent the SA update from influencing normal
communication.
Phase 2
Security Protocol
Select the security protocols to be used. Options include:
• ESP—Uses the ESP protocol.
• AH—Uses the AH protocol.
• AH-ESP—Uses ESP first and then AH.
AH Authentication Algorithm
Select the authentication algorithm for AH when you select AH or AH-ESP for
Security Protocol.
Available authentication algorithms include MD5 and SHA1.
ESP Authentication Algorithm
Select the authentication algorithm for ESP when you select ESP or AH-ESP for
Security Protocol.
You can select MD5 or SHA1, or select NULL so that ESP performs no
authentication.
IMPORTANT:
The ESP authentication algorithm and ESP encryption algorithm cannot be null at
the same time.
ESP Encryption Algorithm
Select the encryption algorithm for ESP when you select ESP or AH-ESP for
Security Protocol. Options include:
• 3DES—Uses the 3DES algorithm and 168-bit key for encryption.
• DES—Uses the DES algorithm and 56-bit key for encryption.
• AES128—Uses the AES algorithm and 128-bit key for encryption.
• AES192—Uses the AES algorithm and 192-bit key for encryption.
• AES256—Uses the AES algorithm and 256-bit key for encryption.
• NULL—Performs no encryption.
IMPORTANT:
• Higher security means more complex implementation and lower speed. DES is
enough to meet general requirements. Use 3DES when high confidentiality
and security are required.
• The ESP authentication algorithm and ESP encryption algorithm cannot be
null at the same time.
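
The dependencies between these options (which algorithm fields apply to which security protocol, and the rule that ESP authentication and encryption cannot both be NULL) can be checked before a proposal is entered. The following Python is an added example, not code from this manual or the device; the dictionary keys, seconds as the lifetime unit, and the review thresholds for DES, MD5 and DH groups below 2048 bits are assumptions of the example.

```python
# Added example: the dict keys below are hypothetical, not the device's own API.
IKE_ENC = {"DES-CBC", "3DES-CBC", "AES-128", "AES-192", "AES-256"}
DH_BITS = {"Group1": 768, "Group2": 1024, "Group5": 1536, "Group14": 2048}
PROTOCOLS = {"ESP", "AH", "AH-ESP"}
AH_AUTH = {"MD5", "SHA1"}
ESP_AUTH = {"MD5", "SHA1", "NULL"}
ESP_ENC = {"3DES", "DES", "AES128", "AES192", "AES256", "NULL"}
# Assumptions of this example (not rules from the manual): values flagged for review.
REVIEW = {"DES-CBC", "DES", "MD5"}
MIN_DH_BITS = 2048
MIN_LIFETIME_S = 600  # the manual's 10 minutes; seconds as the unit is an assumption


def audit(cfg):
    """Return (errors, warnings) for one IKE/IPsec proposal dict."""
    errors, warnings = [], []

    def check(key, allowed):
        value = cfg.get(key)
        if value not in allowed:
            errors.append(f"{key}: {value!r} is not an available option")
        elif value in REVIEW:
            warnings.append(f"{key}: {value} is flagged for review")
        return value

    check("ike_enc", IKE_ENC)
    dh = check("dh", DH_BITS)
    if dh in DH_BITS and DH_BITS[dh] < MIN_DH_BITS:
        warnings.append(f"dh: {dh} is only {DH_BITS[dh]} bits")
    if cfg.get("lifetime_s", 0) <= MIN_LIFETIME_S:
        warnings.append("lifetime_s: set the ISAKMP SA lifetime above 10 minutes")

    proto = check("protocol", PROTOCOLS)
    if proto in ("AH", "AH-ESP"):   # AH algorithm applies only to AH or AH-ESP
        check("ah_auth", AH_AUTH)
    if proto in ("ESP", "AH-ESP"):  # ESP algorithms apply only to ESP or AH-ESP
        auth = check("esp_auth", ESP_AUTH)
        enc = check("esp_enc", ESP_ENC)
        if auth == "NULL" and enc == "NULL":
            errors.append("esp_auth and esp_enc cannot both be NULL")
    return errors, warnings


# Constructed sample proposals.
WEAK = {"ike_enc": "DES-CBC", "dh": "Group1", "lifetime_s": 300,
        "protocol": "ESP", "esp_auth": "NULL", "esp_enc": "NULL"}
STRONG = {"ike_enc": "AES-256", "dh": "Group14", "lifetime_s": 86400,
          "protocol": "ESP", "esp_auth": "SHA1", "esp_enc": "AES256"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(name, audit(cfg))
```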