
VPN | 9
Setting Up a Gateway to Gateway (Site to Site) VPN
• Required fields for IKE with Preshared Key
Enter the settings for Phase 1 and Phase 2. Phase 1 establishes the preshared keys to create a secure, authenticated communication channel. In Phase 2, the IKE peers use the secure channel to negotiate Security Associations on behalf of other services such as IPsec. Be sure to enter the same settings when configuring the other router for this tunnel.
-Phase 1 / Phase 2 DH Group: DH
protocol. There are three groups of different prime key lengths: Group 1 - 768 bits, Group 2 - 1,024 bits, and Group 5 - 1,536 bits. For faster speed but lower security, choose Group 1. For slower speed but higher security, choose Group 5. Group 1 is selected by default.
-Phase 1 / Phase 2 Encryption: Select a method of encryption for this
phase: DES, 3DES,
-Phase 1 / Phase 2 Authentication: Select a method of authentication
for this phase: MD5 or SHA1. The authentication method determines how the ESP (Encapsulating Security Payload Protocol) header packets are validated. MD5 is a
-Phase 1 / Phase 2 SA Life Time: Configure the length of time a VPN tunnel is active in this phase. The default value for Phase 1 is 28800 seconds. The default value for Phase 2 is 3600 seconds.
-Perfect Forward Secrecy: If the Perfect Forward Secrecy (PFS) feature is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication, so hackers using brute force to break encryption keys will not be able to obtain future IPsec keys. Check the box to enable this feature, or uncheck the box to disable this feature. This feature is recommended.
-Preshared Key: Enter a
Cisco Small Business RV0xx Series Routers Administration Guide | 135
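Because both routers must carry the same Phase 1 and Phase 2 settings, it helps to compare the values planned for each end before entering them. The following Python sketch is an added example, not part of the Cisco guide or the router software: the `Phase` and `Tunnel` classes, the `compare` and `review` functions, and the sample values are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, fields, replace

DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536}  # prime lengths listed in the guide

@dataclass(frozen=True)
class Phase:
    dh_group: int
    encryption: str
    authentication: str
    sa_lifetime: int  # seconds

@dataclass(frozen=True)
class Tunnel:
    phase1: Phase
    phase2: Phase
    pfs: bool
    preshared_key: str

def compare(local, remote):
    """Names of settings that differ between the two routers of one tunnel."""
    diffs = []
    for name in ("phase1", "phase2"):
        a, b = getattr(local, name), getattr(remote, name)
        diffs += [f"{name}.{f.name}" for f in fields(Phase)
                  if getattr(a, f.name) != getattr(b, f.name)]
    if local.pfs != remote.pfs:
        diffs.append("pfs")
    if local.preshared_key != remote.preshared_key:
        diffs.append("preshared_key")  # report the field name, never the key
    return diffs

def review(cfg):
    """Notes based only on what the guide says about DH groups and PFS."""
    notes = []
    for name in ("phase1", "phase2"):
        group = getattr(cfg, name).dh_group
        if group not in DH_GROUP_BITS:
            notes.append(f"{name}: DH group {group} is not one the guide lists")
        elif group != 5:
            notes.append(f"{name}: Group {group} ({DH_GROUP_BITS[group]} bits) "
                         "trades security for speed; Group 5 is the stronger option")
    if not cfg.pfs:
        notes.append("pfs: disabled, although the guide recommends it")
    return notes

# Constructed sample values, not taken from any real device.
SITE_A = Tunnel(Phase(1, "DES", "MD5", 28800), Phase(1, "DES", "MD5", 3600),
                False, "constructed-example-key")
SITE_B = replace(SITE_A, phase1=Phase(5, "3DES", "SHA1", 28800),
                 phase2=Phase(5, "3DES", "SHA1", 3600), pfs=True)

if __name__ == "__main__":
    print("Mismatched settings:", compare(SITE_A, SITE_B))
    print("Notes for site A:", *review(SITE_A), sep="\n  ")
```

Any name returned by `compare` marks a field that still has to be aligned on one of the two routers before the tunnel settings match.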