7.9.3 IPSec Proposal
•IPSec Proposal index: A list of selected proposal indexes from the IPSec proposal pool. The selected activity is performed when you select a proposal ID and click the Add to button next to Proposal ID
•Proposal Name: The proposal name indicates which IPSec proposal will be monitored. The first character of the name with the value of 0x00 stands for the IPSec proposal that is not available.
•DH Group - Three groups can be selected:
oGroup 1 (MODP768)
oGroup 2 (MODP1024)
oGroup 5 (MODP1536) However, you can also select None.
•Encapsulation protocol - Two protocols can be selected:
oESP
oAH
•Encryption algorithm - Two algorithms can be selected:
o3DES
oDES
However, when the encapsulation protocol is set to AH, the encryption algorithm is unnecessary.
•Authentication algorithm - Two algorithms can be selected: o SHA1
o MD5
However, you can also select None.
•Life Time: The unit of Life time is based on the value of the life time unit, which can be seconds or KB. If the value of the unit is seconds, the value of life time represents the life time of the dedicated VPN tunnel between both end gateways. Its value can range from 300 to 172,800 seconds. If the value of the unit is KB, the value of life time represents the maximum allowable amount of transmitted packets through the dedicated VPN tunnel between both end gateways. This value can range from 20,480 to 2,483,647 KB.
•Life Time Unit: The life time unit can be set to seconds or KB.
•Proposal ID: The identifier of the IPSec proposal can be selected for adding a corresponding proposal to the dedicated tunnel. A total of ten proposals can be set in the proposal pool. A maximum of four proposals from the pool can be applied to the dedicated tunnel.
•“Add to” button: Click this button to add the selected proposal, shown in the proposal ID field of the IPSec Proposal index list. The proposal shown in the index list will be used in phase 2 of the IPSec negotiation for getting the IPSec SA of the dedicated tunnel.