Configuring an IKE VPN
Issue 4 May 2005 153
Select 3DES to divide VPN traffic into 64-bit blocks and encrypt each block three times
with three different keys.
12. Use the Authentication Algorithm list to select a specific type of algorithm that each
security gateway must use to authenticate each other.
Select Any if you want the security gateways to automatically negotiate which algorithm
to use.
Select MD5 if you want each security gateway to authenticate each other using the
Message Digest 5 (MD5) hash function.
Select SHA1 if you want each security gateway to authenticate each other using the
Secure Hash Algorithm-1 (SHA-1).
SHA1 is considered to be a stronger hash function than MD5, and may be required for
US Federal applications that do not require a digital signature.
13. Use the Lifetime text boxes and lists to configure the time limit for creating and
exchanging a new set of unique keys.
14. Key creation and exchange is performed as soon as either limit expires: if the Time-based
value expires before the Throughput value, new keys are created and exchanged, and likewise
if the Throughput value expires before the Time-based value.
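The rekey rule in steps 13 and 14, modelled as an added example that is not part of this manual or the product's own code; the class, the limits and the traffic trace are hypothetical:

```python
"""Model of the IKE lifetime rule: a set of keys is replaced as soon as
EITHER the time-based limit OR the throughput limit is exhausted,
whichever happens first. All names and numbers here are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class SaLifetime:
    time_limit_s: int          # time-based lifetime, seconds
    throughput_limit_b: int    # throughput lifetime, bytes
    created_at: float          # time the current keys were created
    bytes_used: int = 0        # bytes protected under the current keys
    rekeys: List[Tuple[float, str]] = field(default_factory=list)

    def record_traffic(self, nbytes: int) -> None:
        """Count payload bytes protected under the current keys."""
        self.bytes_used += nbytes

    def expiry_reason(self, now: float) -> Optional[str]:
        """Return 'time', 'throughput', or None if the keys are still valid."""
        if now - self.created_at >= self.time_limit_s:
            return "time"
        if self.bytes_used >= self.throughput_limit_b:
            return "throughput"
        return None

    def check(self, now: float) -> Optional[str]:
        """Rekey if either limit has expired; return the reason, else None."""
        reason = self.expiry_reason(now)
        if reason is not None:
            self.created_at = now      # fresh keys: restart both counters
            self.bytes_used = 0
            self.rekeys.append((now, reason))
        return reason


def simulate(limit_s: int = 3600, limit_b: int = 100_000_000) -> List[str]:
    """Run a constructed traffic trace (time in s, bytes sent) through one SA
    and return the reason for each rekey in order."""
    sa = SaLifetime(limit_s, limit_b, created_at=0.0)
    trace = [(600, 30_000_000), (1200, 30_000_000),
             (1800, 50_000_000), (5500, 1_000)]
    for t, nbytes in trace:
        sa.record_traffic(nbytes)
        sa.check(t)
    return [reason for _, reason in sa.rekeys]
```

In the trace above the throughput limit is hit first (at 1800 s), which resets both counters, so the later rekey at 5500 s is triggered by time, not by the 1000 bytes sent.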
15. Click Modify Secret to open the Modify Secret dialog. Create a shared secret for
authenticating security gateways and members of the VPN.
To manually create a secret, type an alphanumeric string in the text box.
To automatically create a secret, click Auto-generate.
16. Click OK.
Note: Modify Secret is only available when creating a VPN based on Preshared Secret.
17. Click the Security (IPSec) tab to bring it to the front.
18. The Security (IPSec) tab is used to set up the IPSec protocol information (parameters
relating to the payload) that the VPNs use. Two sets of options are available. The IPSec
options control packet alteration, and the IPSec Proposal options are used to create up to
four different proposals for payload encryption and authentication.
19. Use the LZS list for applying compression to packet payloads.
20. According to RFC 2395, “IP Payload Compression using LZS,” experiments have shown
that the LZS algorithm compressed a 64-byte file to 85% of its original size, while a
16384-byte file was compressed to 47% of its original size. Whether or not your network
benefits from compression depends on what is typically transported; for example, video
and sound traffic are already compressed, so additional compression has little effect and
may load the security gateway.
Select Yes to apply compression.
Select No to not apply compression.
21. Use the Perfect Forward Secrecy list to control key creation.