| Field | Description |
|---|---|
| Phase 1 DH group | Select one of the … 1536 bits. … and private keys for encryption and decryption. The higher the number of bits, the more secure the encryption. Options: Group 1 (768 bits), Group 2 (1024 bits), or Group 5 (1536 bits). |
| Phase 1 encryption | Secure the VPN connection between endpoints: DES, 3DES, … Select any encryption, but make sure the far endpoints match. Common encryption settings are 3DES and AES. |
| Phase 1 authentication | Set Authentication, another level of security, to SHA or MD5. Motorola recommends SHA because it is more secure, but you can use either authentication method provided the other end of the VPN tunnel uses the same method. |
| Phase 1 SA lifetime | Specify the lifetime of individual rotating keys. Enter the number of seconds for the key to last until a new key is negotiated between the endpoints. The default setting is 28,800 seconds. A smaller lifetime is generally more secure, since it gives an attacker less time to try to crack the key; however, key negotiation takes up bandwidth, so network throughput is sacrificed with small lifetimes. Entries are typically in the thousands or tens of thousands of seconds. |
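
The following check is an added example, not part of the original manual or any Motorola tool: it compares the Phase 1 settings of two tunnel endpoints, reports the mismatches and weaker choices the table describes, and shows how the SA lifetime translates into renegotiations per day. The function names, dictionary keys and both endpoint configurations are assumptions constructed for illustration.

```python
# Added example; the two endpoint configs are constructed sample values.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536}  # options listed in the table
# The table requires encryption and authentication to match on both ends.
# dh_group is included because IKE negotiates it in the same Phase 1 proposal.
MUST_MATCH = ("encryption", "authentication", "dh_group")


def check_phase1(local, remote):
    """Return a list of findings for two endpoints' Phase 1 settings."""
    findings = []
    for field in MUST_MATCH:
        if local[field] != remote[field]:
            findings.append(
                f"mismatch: {field} local={local[field]} remote={remote[field]}")
    for name, cfg in (("local", local), ("remote", remote)):
        bits = DH_GROUP_BITS.get(cfg["dh_group"])
        if bits is None:
            findings.append(f"{name}: DH group {cfg['dh_group']} is not 1, 2 or 5")
        elif bits < max(DH_GROUP_BITS.values()):
            findings.append(f"{name}: DH group {cfg['dh_group']} ({bits} bits); "
                            "more bits is more secure")
        if cfg["authentication"] == "MD5":
            findings.append(f"{name}: MD5 selected; SHA is the recommended setting")
        if cfg["lifetime"] <= 0:
            findings.append(f"{name}: SA lifetime must be a positive number of seconds")
    return findings


def rekeys_per_day(lifetime_seconds):
    """Phase 1 renegotiations per 24 hours: the bandwidth side of the trade-off."""
    return 86_400 / lifetime_seconds


LOCAL = {"dh_group": 5, "encryption": "3DES", "authentication": "SHA", "lifetime": 28_800}
REMOTE = {"dh_group": 2, "encryption": "3DES", "authentication": "MD5", "lifetime": 3_600}

if __name__ == "__main__":
    for finding in check_phase1(LOCAL, REMOTE):
        print(finding)
    print("local rekeys/day:", rekeys_per_day(LOCAL["lifetime"]))
    print("remote rekeys/day:", rekeys_per_day(REMOTE["lifetime"]))
```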
|
|
|
10 • VPN Pages | 62 |