Chapter 7 VPN

Table 7–3: IPSec Security Association Configuration Parameters (Continued)

Parameter / Description

Manual Setup:
These configuration parameters are available if Manual is selected as the Keying mode.

Encryption
    Select an appropriate encryption method:
    • ESP DES-CBC (weak encryption, not recommended)
    • ESP 3DES-CBC (strong encryption)
    • ESP AES-CBC-128 (strong encryption)
    • ESP AES-CBC-192 (strong encryption)
    • ESP AES-CBC-256 (strong encryption)
    Enter a hexadecimal Key value for the key.

    Note: By default all new X family devices are supplied with 56-bit DES encryption only. To enable the strong encryption functionality (3DES, 128-AES, 192-AES, 256-AES) required to create secure VPN connections, install the correct Strong Encryption Service Pack for your device available from the TMC Web site.

Authentication
    Select an appropriate authentication method:
    • ESP MD5 HMAC
    • ESP SHA-1 HMAC (recommended)
    • AH MD5
    • AH SHA-1
    Enter a hexadecimal Key value for the key.

Incoming SPI (hex), Outgoing SPI (hex)
    In the Incoming SPI (hex) and Outgoing SPI (hex) fields respectively, enter unique hexadecimal values (from 1 to 8 characters) for the incoming and outgoing SPI.

    When you configure the remote device, specify the same SPI values in reverse order. That is, use the incoming SPI value specified here as the outgoing SPI on the remote device. Use the outgoing SPI value specified here as the incoming SPI on the remote device.

    The Security Parameter Index (SPI) identifies the cryptographic keys and algorithms to be used to establish a VPN tunnel. For additional information, see the Concepts Guide.
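The following pre-deployment check for a manually keyed tunnel is an added example, not part of the original guide or the device software. It verifies the hexadecimal fields and the reversed SPI pairing described above for both peers. The dictionary field names and function names are hypothetical. The key lengths are the standard sizes of each algorithm; that the device's Key field expects exactly that many hex digits, and that both peers enter the same methods and keys, are assumptions.

```python
import re

# Key sizes in bytes are fixed by the algorithms themselves. Assumption: the
# device's Key field expects exactly twice this many hex digits.
ENC_KEY_BYTES = {"ESP DES-CBC": 8, "ESP 3DES-CBC": 24, "ESP AES-CBC-128": 16,
                 "ESP AES-CBC-192": 24, "ESP AES-CBC-256": 32}
AUTH_KEY_BYTES = {"ESP MD5 HMAC": 16, "ESP SHA-1 HMAC": 20,
                  "AH MD5": 16, "AH SHA-1": 20}
HEX = re.compile(r"[0-9A-Fa-f]+")

def _spi(value):
    """Numeric SPI, or None when the field is not hexadecimal."""
    return int(value, 16) if HEX.fullmatch(value) else None

def check_local(sa):
    """Return a list of problems in one device's manual SA settings."""
    problems = []
    for field, table in (("encryption", ENC_KEY_BYTES), ("authentication", AUTH_KEY_BYTES)):
        alg, key = sa[field], sa[field + "_key"]
        if alg not in table:
            problems.append(f"{field}: unknown method {alg!r}")
        elif not HEX.fullmatch(key) or len(key) != 2 * table[alg]:
            problems.append(f"{field}: key must be {2 * table[alg]} hex digits for {alg}")
    if sa["encryption"] == "ESP DES-CBC":
        problems.append("encryption: DES-CBC is weak, not recommended")
    for field in ("incoming_spi", "outgoing_spi"):
        if not HEX.fullmatch(sa[field]) or not 1 <= len(sa[field]) <= 8:
            problems.append(f"{field}: must be 1 to 8 hex characters")
    return problems

def check_pair(local, remote):
    """Check both ends: own settings, reversed SPIs, matching methods and keys."""
    problems = [f"local {p}" for p in check_local(local)]
    problems += [f"remote {p}" for p in check_local(remote)]
    if _spi(local["incoming_spi"]) != _spi(remote["outgoing_spi"]):
        problems.append("local incoming SPI != remote outgoing SPI")
    if _spi(local["outgoing_spi"]) != _spi(remote["incoming_spi"]):
        problems.append("local outgoing SPI != remote incoming SPI")
    for field in ("encryption", "encryption_key", "authentication", "authentication_key"):
        if local[field].lower() != remote[field].lower():
            problems.append(f"{field} differs between peers")
    return problems

# Constructed sample values (not real keys): site A and a correctly mirrored site B.
SITE_A = {"encryption": "ESP AES-CBC-128", "encryption_key": "00112233445566778899aabbccddeeff",
          "authentication": "ESP SHA-1 HMAC", "authentication_key": "0123456789abcdef0123456789abcdef01234567",
          "incoming_spi": "1001", "outgoing_spi": "2002"}
SITE_B = dict(SITE_A, incoming_spi="2002", outgoing_spi="1001")
```

Calling check_pair(SITE_A, SITE_B) returns an empty list; passing the same settings for both ends reports the two SPI mismatches that result from copying the values instead of reversing them.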

 

 

192 X Family LSM User’s Guide V 2.5.1