NB3700 User Manual 3.8
Parameter IPsec XAUTH Settings
User name The name of the XAUTH user
User password The password of the XAUTH user
Group name The group ID
Group password The group secret
IKE Proposal
This section can be used to configure the phase 1 settings:
Parameter IPsec IKE Proposal Settings
Negotiation mode Choose the desired negotiation mode. Preferably, main
mode should be used but aggressive mode might be ap-
plicable when dealing with dynamic endpoint addresses.
Encryption algorithm The desired IKE encryption method (we recommend
AES256)
Authentication algo-
rithm
The desired IKE authentication method (we prefer SHA1
over MD5)
IKE Diffie-Hellman
Group
The IKE Diffie-Hellman Group
SA life time The lifetime of Security Associations
Perfect Forward Secrecy Specifies whether Perfect Forward Secrecy (PFS) should be
used. This feature increases security as PFS avoids pene-
tration of the key-exchange protocol and prevents compro-
misation of previous keys.
IPsec Proposal
This section can be used to configure the phase 2 settings:
Parameter IPsec Proposal Settings
Encapsulation mode The desired encapsulation mode (Tunnel or Transport)
IPsec protocol The desired IPsec protocol (AH or ESP)
Encryption algorithm The desired IKE encryption method (we recommend
AES256)
89
To Next Page
Loading...
