D-Link DFL-500 user manual About DH groups, About the P1 proposal, Local ID Empty, Key

Models: DFL-500


Aggressive mode with no user group

| Field | Server | Clients |
|---|---|---|
| User Group | None | N/A |
| Mode | Aggressive | Aggressive |
| Authentication Key | The server and the clients must have the same authentication key. | |
| Local ID | empty | empty |
Aggressive mode with a user group selected

In this configuration, the server and the clients use aggressive mode for key exchange. A user group is selected in the server dialup remote gateway. The format of the authentication key depends on the information in the Local ID field.

Aggressive mode with a user group selected

| Field | Server | Client configuration 1 | Client configuration 2 | Client configuration 3 |
|---|---|---|---|---|
| User Group | Select a user group | N/A | N/A | N/A |
| Mode | Aggressive | Aggressive | Aggressive | Aggressive |
| Authentication Key | Server authentication key | Server authentication key | Server authentication key | Client's password. This password must be added to the server user database. |
| Local ID | empty | Client IP address | Client domain name | Other information in a different format. |
About DH groups

The Diffie-Hellman (DH) algorithm creates a shared secret key that can be created at both ends of the VPN tunnel without communicating the key across the Internet.

You can select from DH group 1, 2, and 5. DH group 5 produces the most secure shared secret key and DH group 1 produces the least secure key. However, DH group 1 is faster than DH group 5.

About the P1 proposal

AutoIKE key IPSec VPNs use a two-phase process for creating a VPN tunnel. During the first phase (P1), the VPN gateways at each end of the tunnel negotiate to select a common algorithm for encryption and another one for authentication. When you configure the remote gateway P1 proposal, you are selecting the algorithms that the DFL-500 NPG proposes during phase 1 negotiation. You can select up to three different encryption and authentication algorithm combinations. Choosing more combinations might make P1 negotiation easier, but you can restrict the choice to one if required. For negotiation to be successful, both ends of the VPN tunnel must have at least one encryption algorithm and one authentication algorithm in common.

Select DES to propose to encrypt packets using DES encryption.

Select 3DES to propose to encrypt packets using triple-DES encryption.

Select MD5 to propose to use MD5 authentication.

Select SHA1 to propose to use SHA1 authentication.
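The following added example (not part of the manual, and not D-Link code) models the P1 proposal matching described above and shows how a longer proposal list can let a DES or MD5 combination be the one that is negotiated. It assumes the responder accepts the initiator's first combination that it also lists, which is the usual IKE behaviour; the function names and sample proposals are constructed for illustration.

```python
# Added example: models the P1 proposal matching described in this section.
ENCRYPTION = {"DES", "3DES"}        # encryption options listed on the page
AUTHENTICATION = {"MD5", "SHA1"}    # authentication options listed on the page
MAX_COMBINATIONS = 3                # "up to three" combinations per proposal
WEAK = {"DES", "MD5"}               # flagged for review (editor's judgement, not from the manual)


def validate(proposal):
    """Reject a proposal list the P1 settings described above could not express."""
    if not 1 <= len(proposal) <= MAX_COMBINATIONS:
        raise ValueError("a P1 proposal holds one to three combinations")
    for enc, auth in proposal:
        if enc not in ENCRYPTION or auth not in AUTHENTICATION:
            raise ValueError(f"unsupported combination: {enc}-{auth}")
    return list(proposal)


def negotiate(initiator, responder):
    """Return the first initiator combination the responder also lists.

    Returns None when the two ends share no complete combination
    (assumed selection order; the manual does not state it).
    """
    offered = set(validate(responder))
    for combo in validate(initiator):
        if combo in offered:
            return combo
    return None


def weak_outcomes(initiator, responder):
    """List every shared combination that contains DES or MD5.

    Any shared combination can end up selected, so each entry returned
    here is a reason to trim one of the two proposal lists.
    """
    shared = set(validate(initiator)) & set(validate(responder))
    return sorted(c for c in shared if WEAK & set(c))


if __name__ == "__main__":
    # Constructed sample proposals for a gateway and a dialup client.
    gateway = [("3DES", "SHA1"), ("3DES", "MD5"), ("DES", "MD5")]
    client = [("DES", "MD5"), ("3DES", "SHA1")]
    print("client initiates :", negotiate(client, gateway))
    print("weak and shared  :", weak_outcomes(client, gateway))
    print("auth mismatch    :", negotiate([("3DES", "SHA1")], [("3DES", "MD5")]))
```

Restricting both ends to a single 3DES-SHA1 combination removes every entry that `weak_outcomes` reports for the sample proposals.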
