Note:
The difference between the two is that aggressive mode will pass more information in fewer
packets, with the benefit of slightly faster connection establishment, at the cost of transmitting the
identities of the security firewall in the clear. When using aggressive mode, some configuration
parameters such as Diffie-Hellman groups, and PFS cannot be negotiated, resulting in a greater
importance of having "compatible" configuration on both ends.
M y Identifie r Type - Select the local ID type for IKE negotiation. Local Wan IP: uses an IP
address as the ID in IKE negotiation. FQDN: uses a name as the ID.
M y Ide ntifier - This field does not need to enter if Local WAN IP is selected in M y Ide ntifier
Type field. And the WAN IP will be used automatically as Identifier. If Name type is selected,
enter a name for the local device as the ID in IKE negotiation.
Re mote Ide ntifier Type - The remote gateway IP will be inputted automatically if IP Address
type is selected. If Name type is selected, enter the name of the remote peer as the ID in IKE
negotiation.
Re mote Ide ntifier - This field does not need to enter if Re mote WAN IP is selected in Re mote
Ide ntifier Type field. And the remote gateway IP will be used automatically as Identifier. If
Name type is selected, enter the name of the remote peer as the ID in IKE negotiation.
Encryption Algorithm - Specify the encryption algorithm for IKE negotiation. Options include:
DES, 3DES, AES-128, AES-192, AES-256.
Integrity Algorithm - Select the authentication algorithm for IKE negotiation. Options include:
MD5 and SHA1.
Se le ct Diffie -Hellman Group for Key Exchange - Select the DH (Diffie-Hellman) group to be
used in key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.
Key Life Time: Enter the number of seconds for the IPSec lifetime. It is the period of time to
pass before establishing a new IPSec security association (SA) with the remote endpoint. The
default value is 3600.
Settings for Phase 1:
Encryption Algorithm - Specify the encryption algorithm for IKE negotiation. Options include:
DES,3DES, AES-128, AES-192, AES-256
Integrity Algorithm - Select the authentication algorithm for IKE negotiation. Options include:
MD5 and SHA1.
Diffie-Hellman Group for Key Exchange - Select the DH (Diffie-Hellman) group to be used in
key negotiation phase 1. The DH Group sets the strength of the algorithm in bits.
Ke y Life Time - Enter the number of seconds for the IPSec lifetime. It is the period of time to
pass before establishing a new IPSec security association (SA) with the remote endpoint. The
default value is 3600.
To Next Page
Loading...
