Virtual Private Network
maximum life duration is 86400 seconds.
IKE Hash | Select the Hash algorithm that will be used to ensure that the messages exchanged between the two IPSec VPN tunnel endpoints have been received exactly as they were sent. In other words, a Hash algorithm is used to generate a binary number by a mathematical operation using the entire message. The resulting number is called a message digest. The same operation is performed when the message is received, and if there has been any change in the message during transit, the resulting message digest number will be different and the message will be rejected. The options are:
• MD5 - a
• SHA - This generates a
The user needs to configure exactly the same IKE Hash algorithm on both ends of a VPN tunnel.
IKE Encryption | Select the encryption algorithm (DES, 3DES) that will be used to encrypt the messages passed between the VPN tunnel endpoints during the Phase 1 negotiation. The key for the 3DES algorithm is three times the length of the DES key, so 3DES is more secure. The user must choose exactly the same IKE Encryption algorithm on both ends of a VPN tunnel.
Phase 2 Proposal
PFS Mode | Select the mode that will be used for IPSec Perfect Forward Secrecy (PFS): Group 1, Group 2 or Disabled.
• Group 1 uses
• Group 2 uses
• Disable disables the PFS mode.
The user must use exactly the same PFS mode on both ends of the VPN tunnel.
IPSec Operation | Select the IPSec transform that will be applied to packets that are sent between the two endpoints of a VPN tunnel.
• ESP - specifies that the entire packet will be encrypted (using the DES, 3DES or AES algorithm, as selected in the ESP Transform field) and authenticated (using the MD5 or SHA algorithm, as selected in the ESP Authentication field).
• AH - specifies that only the authentication algorithm (MD5 or SHA, as selected in the AH transform field) will be used. When AH is selected, the data portion of packets sent between the two endpoints of a VPN tunnel will not be encrypted.
IPSec Life Duration | Enter the IPSec Life Duration (in seconds). This is the life duration of the Phase 2 key. When this timer expires, the two peers should trigger Phase 2 negotiation again to set up a new Phase 2 key. The minimum life duration is 180 seconds and the maximum life duration is 86400 seconds.
ESP Transform | Select the ESP transform encryption algorithm (Null, DES, 3DES and AES) to be used when ESP is selected as the IPSec Operation. The user needs to select the same ESP transform encryption algorithm on both ends of a VPN tunnel.
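
Added example, not part of the original manual: a Python check that compares the settings planned for the two ends of one tunnel against the rules stated in this table (fields that must be identical on both ends, the 180 to 86400 second IPSec Life Duration range, and the selections that leave packet data unencrypted). The dictionary keys and sample values are constructed for illustration, and treating ESP Auth as a must-match field is an assumption.

```python
# Added example: key names mirror the field labels in this table; the dict
# layout is an assumption, not an export format of the device.
# esp_auth is assumed to be a must-match field like the other four.
MUST_MATCH = ("ike_hash", "ike_encryption", "pfs_mode", "esp_transform", "esp_auth")
LIFE_MIN, LIFE_MAX = 180, 86400  # IPSec Life Duration bounds, in seconds


def audit_end(name, cfg):
    """Return findings for one endpoint's settings."""
    findings = []
    life = cfg["ipsec_life_duration"]
    if not LIFE_MIN <= life <= LIFE_MAX:
        findings.append(f"{name}: IPSec Life Duration {life}s outside {LIFE_MIN}-{LIFE_MAX}s")
    if cfg["ipsec_operation"] == "AH":
        findings.append(f"{name}: AH selected, packet data is not encrypted")
    elif cfg["esp_transform"] == "Null":
        findings.append(f"{name}: ESP Transform is Null, packet data is not encrypted")
    if cfg["ike_encryption"] == "DES":
        findings.append(f"{name}: IKE Encryption is DES, 3DES is the stronger option")
    return findings


def audit_tunnel(local, remote):
    """Check both ends of one tunnel; an empty list means no findings."""
    findings = audit_end("local", local) + audit_end("remote", remote)
    for field in MUST_MATCH:
        if local[field] != remote[field]:
            findings.append(f"mismatch {field}: local={local[field]} remote={remote[field]}")
    return findings


# Constructed sample settings for the two ends of one tunnel.
LOCAL = {"ike_hash": "SHA", "ike_encryption": "3DES", "pfs_mode": "Group 2",
         "ipsec_operation": "ESP", "esp_transform": "3DES", "esp_auth": "SHA",
         "ipsec_life_duration": 28800}
REMOTE = dict(LOCAL, ike_hash="MD5", pfs_mode="Disabled", esp_transform="Null",
              ipsec_life_duration=120)

if __name__ == "__main__":
    for line in audit_tunnel(LOCAL, REMOTE):
        print(line)
```
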
ESP Auth | Select the ESP authentication algorithm (Null, MD5 and SHA) to be used when ESP is selected for IPSec Operation. The user needs to use the same
Dlink | 54 |