Configure Security

Section: Key Management (continued)

Field Description: Select one of the following options for the key exchange method:

Auto (IKE)

– Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method.

– Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method.

  MD5: A

  SHA: A

– Perfect Forward Secrecy (PFS): If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have PFS enabled.

– IKE peer. Both character and hexadecimal values are acceptable in this field, e.g., "My_@123" or "0x4d795f40313233". Note that both sides must use the same

– Key Lifetime: This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be renegotiated automatically. The Key Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is 3600 seconds.

Manual

– Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method.

– Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Encryption Key.

– Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method.

  MD5: A

  SHA: A

– Authentication Key: This field specifies a key used to authenticate IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Authentication Key.

– Inbound SPI/Outbound SPI: The Security Parameter Index (SPI) is carried in the ESP header. This enables the receiver to select the SA, under which a packet should be processed. The SPI is a hexadecimal values are acceptable. e.g., "987654321" or "0x3ade68b1". Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Note that the Inbound SPI must match the remote gateway's Outbound SPI, and vice versa.

4021192 Rev A