Phase 1DH Group
Select the Diffie-Hellman key group (DHx) you want to use for
encryption keys.
DH1: uses a 768-bit random number
DH2: uses a 1024-bit random number
DH5: uses a 1536-bit random number.
Phase 1 Encryption
Select the key size and encryption algorithm to use for data
communications.
DES: a 56-bit key with the DES encryption algorithm
3DES: a 168-bit key with the DES encryption algorithm. Both the cable
modem/router and the remote IPSec router must use the same
algorithms and key, which can be used to encrypt and decrypt the
message or to generate and verify a message authentication code. Longer
keys require more processing power, resulting in increased latency and
decreased throughput.
AES: AES (Advanced Encryption Standard) is a newer method of data
encryption that also uses a secret key. This implementation of AES
applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES.
Here you have the choice of AES-128, AES-192 and AES-256.
Phase 1 Authentication
Select the hash algorithm used to authenticate packet data in the IKE SA.
SHA1: generally considered stronger than MD5, but it is also slower.
MD5 (Message Digest 5): produces a 128-bit digest to authenticate
packet data.
SHA1 (Secure Hash Algorithm): produces a 160-bit digest to
authenticate packet data.
Phase 1 SA Lifetime
In this field define the length of time before an IKE SA automatically
renegotiates. This value may range from 120 to 86400 seconds. A short
SA lifetime increases security by forcing the two VPN cable
modem/router’s to update the encryption and authentication keys.
However, every time the VPN tunnel renegotiates, all users accessing
remote resources are temporarily disconnected.
92
To Next Page
Loading...
