Mode
el are encrypted. In
ggressive mode, there is no encryption in the
You can select between Main and Aggressive
modes for the Phase 1 negotiation to establish a
VPN IPSec tunnel. In the Main mode, all
communication between the two endpoints of
an IPSec VPN tunn
A
Phase 1 negotiation.
The DH algorithm allows the DFL-600 to
generate secret ke
Phase 1 negotiation. Group 1 generates a 768-
bit key and Group 2 generates
DH Group
ys for encryption for the
a 1024-bit key.
The same DH Group must be used on both ends
of an IPSec VPN tunnel.
IKE Life Duration This is the duration (in seconds) the phase 1 key
after the tunnel is established. When this
o peers will trigger a duration has past, the tw
restart of the phase 1 negotiation to set up a new
phase 1 key. Phase 2 negotiation will also be
triggered to build a new tunnel.
IKE Hash This drop-down menu a
algorithm that will be used to ensure that the
messages exchanged between the tw
VPN tunnel endpoints has been received
exactly as it was sent. In other words, a Hash
algorithm is used to gene
by a mathematical operation using the entire
message. The resulting numb
message digest. The very sam
operation is performed when the m
received, and if there has been any change in
llows you to select the
o IPSec
rate a binary number
er is called a
e mathematical
essage is
the message in transit, the resulting message
digest number will be different and the message
will be rejected. You can choose between MD5
− a 128-bit message digest, and SHA − which
generates a 160-bit message digest. You must
have exactly the same IKE Hash algorithm on
both ends of a VPN tunnel.
This dro
p
-down menu allows
y
ou to select the
IKE Encryption