Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
B-42
User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Table B-15 IPSec Proposal Page (continued)

Element: Description

Modulus Group: Available if Enable Perfect Forward Secrecy is selected. Select the required Diffie-Hellman key derivation algorithm from the Modulus Group list box.
Security Manager supports Diffie-Hellman group 1, group 2, group 5, and group 7 key derivation algorithms. Each group has a different size modulus:
- Group 1: 768-bit modulus.
- Group 2: 1024-bit modulus.
- Group 5: 1536-bit modulus.
- Group 7: Use when the elliptical curve field size is 163 characters.
For more information, see Deciding Which Diffie-Hellman Group to Use, page 9-60.

Lifetime (sec): The number of seconds an SA will exist before expiring. The default is 3600 seconds (one hour).
Lifetime refers to the global lifetime settings for the crypto IPSec security association (SA). The IPSec lifetime can be specified in seconds, in kilobytes, or both.

Lifetime (kbytes): The volume of traffic (in kilobytes) that can pass between IPSec peers using a given SA before it expires. The default is 4,608,000 kilobytes.

Advanced (IOS)

QoS Preclassify: Supported on Cisco IOS routers, except 7600 devices. Select this check box if you want to enable the classification of packets before tunneling and encryption occur.
The Quality of Service (QoS) for VPNs feature enables Cisco IOS QoS services to operate with tunneling and encryption on an interface.
The QoS features on the output interface classify packets and apply the appropriate QoS service before the data is encrypted and tunneled, enabling traffic flows to be adjusted in congested environments, and resulting in more effective packet tunneling.
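
The Modulus Group and Lifetime settings in this table end up as crypto map and global lifetime commands on the device. The following is an added example, not part of the Security Manager guide or Cisco's own code: it audits a deployed configuration against the modulus sizes and defaults listed here, assuming IOS-style `crypto map` CLI syntax. The 2048-bit threshold, the function name, and the sample configuration are assumptions of the example.

```python
import re

# Modulus sizes from the table above; group 7 is described by curve field size, so it has no entry.
MODULUS_BITS = {1: 768, 2: 1024, 5: 1536}
DEFAULTS = {"seconds": 3600, "kilobytes": 4608000}  # lifetime defaults from the table

MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
PFS_RE = re.compile(r"^\s+set pfs group(\d+)")
LIFE_RE = re.compile(r"^crypto ipsec security-association lifetime (seconds|kilobytes) (\d+)")

# Constructed sample configuration (map name and values are placeholders).
SAMPLE = """\
crypto ipsec security-association lifetime seconds 1800
!
crypto map VPN 10 ipsec-isakmp
 set pfs group2
crypto map VPN 20 ipsec-isakmp
 set pfs group5
crypto map VPN 30 ipsec-isakmp
"""


def audit(config, min_bits=2048):
    """Report global SA lifetimes and per-crypto-map PFS findings.
    min_bits is this example's policy threshold, not a value from the guide;
    per-map lifetime overrides are not parsed."""
    lifetime, groups, current = dict(DEFAULTS), {}, None
    for line in config.splitlines():
        if m := MAP_RE.match(line):
            current = (m.group(1), int(m.group(2)))
            groups[current] = None              # no PFS until "set pfs" is seen
        elif not line.startswith(" "):
            current = None                      # left the crypto map block
            if m := LIFE_RE.match(line):
                lifetime[m.group(1)] = int(m.group(2))
        elif current and (m := PFS_RE.match(line)):
            groups[current] = int(m.group(1))
    findings = {}
    for entry, group in groups.items():
        bits = MODULUS_BITS.get(group)
        if group is None:
            findings[entry] = "PFS not enabled"
        elif bits is None:
            findings[entry] = f"group {group}: no modulus size listed, review manually"
        elif bits < min_bits:
            findings[entry] = f"group {group}: {bits}-bit modulus below {min_bits}"
    # Sustained rate (KB/s) above which the volume limit expires an SA before the timer.
    rate = lifetime["kilobytes"] / lifetime["seconds"]
    return {"lifetime": lifetime, "volume_first_kBps": rate, "findings": findings}
```

With the table's defaults, an SA carrying more than 1280 KB/s on average reaches the kilobyte limit before the one-hour timer, so the volume setting is what drives rekeying on busy tunnels.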