Vigor2800 Series User’s Guide
86
High (ESP-Encapsulating Security Payload)- means
payload (data) will be encrypted and authenticated. Select
from below:
DES without Authentication -Use DES encryption algorithm
and not apply any authentication scheme.
DES with Authentication-Use DES encryption algorithm and
apply MD5 or SHA-1 authentication algorithm.
3DES without Authentication-Use triple DES encryption
algorithm and not apply any authentication scheme.
3DES with Authentication-Use triple DES encryption
algorithm and apply MD5 or SHA-1 authentication algorithm.
AES without Authentication-Use AES encryption algorithm
and not apply any authentication scheme.
AES with Authentication-Use AES encryption algorithm and
apply MD5 or SHA-1 authentication algorithm.
Advanced Specify mode, proposal and key life of each IKE phase,
Gateway etc.
The window of advance setup is shown as below:
IKE phase 1 mode -Select from Main mode and Aggressive
mode. The ultimate outcome is to exchange security proposals
to create a protected secure channel. Main mode is more
secure than Aggressive mode since more exchanges are done
in a secure channel to set up the IPSec session. However, the
Aggressive mode is faster. The default value in Vigor router is
Main mode.
IKE phase 1 proposal-To propose the local available
authentication schemes and encryption algorithms to the VPN
peers, and get its feedback to find a match. Two combinations
are available for Aggressive mode and nine for Main mode.
We suggest you select the combination that covers the most
schemes.
IKE phase 2 proposal-To propose the local available
algorithms to the VPN peers, and get its feedback to find a
match. Three combinations are available for both modes. We
suggest you select the combination that covers the most
algorithms.
IKE phase 1 key lifetime-For security reason, the lifetime of
key should be defined. The default value is 28800 seconds.
You may specify a value in between 900 and 86400 seconds.
IKE phase 2 key lifetime-For security reason, the lifetime of
key should be defined. The default value is 3600 seconds.
You may specify a value in between 600 and 86400 seconds.