Motorola Enterprise Series Routers, 6161252-00-01 manual Internet Key Exchange for VPNs

Models: Enterprise Series Routers 6161252-00-01

Internet Key Exchange for VPNs 6-5

The Profile Name field accepts any name of up to 16 characters. Sixteen IKE Phase 1 profiles are supported, since each of the potential sixteen Connection Profiles may be associated with a separate IKE Phase 1 profile.

The Mode pop-up menu allows you to choose between Main Mode (the default) and Aggressive Mode.

In Main Mode the Router hides the Local and Remote Identity Type and Value fields, defaults to the host address, and always uses the IPv4 Address identity type with the local and remote tunnel endpoint addresses.

In Aggressive Mode the Local and Remote Identity Type pop-up menus allow you to choose the type of Identity value to use: IPv4 Address, IPv4 Subnet, IPv4 Range, Host Name, E-Mail Address, Key ID (ASCII), and Key ID (HEX). The Local and Remote Identity Type and Value menus allow you to specify one of the following, based on what Local Identity Type you selected in the previous pop-up menu:

IPv4 Address: A single IPv4 address in the familiar dotted-quad notation (a.b.c.d).

IPv4 Subnet: A single IPv4 network address in dotted-quad notation (a.b.c.d) followed by a mask specified either by a slash and a bit-count between 0 and 32 OR by a second dotted-quad.

IPv4 Range: Two IPv4 addresses in dotted-quad notation (a.b.c.d) separated by a space.

Host Name: A fully-qualified domain name (FQDN).

E-Mail Address: An RFC 822 e-mail address in the form user@hostname.

Key ID (ASCII): An opaque string consisting of printable ASCII characters represented as a sequence of printable ASCII characters.

Key ID (HEX): An opaque string consisting of arbitrary 8-bit ASCII values represented as a sequence of hexadecimal digits, each of which corresponds to one nibble of the string value.
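
As an added example (not code from the manual or the router), the identity value formats listed above can be checked before a profile is entered. The function names, the host name pattern, accepting a space or a slash before a dotted-quad mask, the low-to-high ordering of a range, and the even digit count for hex Key IDs are assumptions.

```python
import ipaddress
import re

# Assumption: a host name is two or more dot-separated letter/digit/hyphen labels.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")

def _require(ok, message):
    if not ok:
        raise ValueError(message)

def _subnet(text):
    # Mask: bit count 0-32 or a second dotted quad (assumed: after "/" or " ").
    addr, mask = re.split(r"[/ ]", text, maxsplit=1)
    return ipaddress.IPv4Network(f"{addr}/{mask}")  # rejects set host bits

def _range(text):
    low, high = (ipaddress.IPv4Address(part) for part in text.split(" "))
    _require(low <= high, "range start is above range end")  # assumed ordering
    return low, high

def _host_name(text):
    _require(_FQDN.fullmatch(text) and len(text) <= 253, "not an FQDN")
    return text

def _email(text):
    user, at, host = text.rpartition("@")
    _require(at and user and "@" not in user, "expected user@hostname")
    return f"{user}@{_host_name(host)}"

def _key_id_ascii(text):
    _require(text and all(0x20 <= ord(c) <= 0x7E for c in text), "need printable ASCII")
    return text.encode("ascii")

def _key_id_hex(text):
    # One hex digit per nibble; assumed: an even count, so whole octets result.
    _require(re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", text), "need an even number of hex digits")
    return bytes.fromhex(text)

VALIDATORS = {
    "IPv4 Address": ipaddress.IPv4Address, "IPv4 Subnet": _subnet,
    "IPv4 Range": _range, "Host Name": _host_name, "E-Mail Address": _email,
    "Key ID (ASCII)": _key_id_ascii, "Key ID (HEX)": _key_id_hex,
}

def validate_identity(id_type, value):
    """Return the parsed identity value, or raise ValueError if it is malformed."""
    _require(id_type in VALIDATORS, f"unknown identity type: {id_type}")
    return VALIDATORS[id_type](value)
```

The keys of `VALIDATORS` are the Identity Type menu entries as the page spells them; the sample addresses used to exercise it should come from your own tunnel plan.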

The Authentication Method pop-up menu specifies the IKE Phase 1 authentication method. The only currently supported authentication method is Shared Secret. Other methods may be supported in future software releases.

The Shared Secret field allows you to enter a shared secret phrase (between 1 and 48 characters long) that will be used to generate key material for IKE Phase 1.

The Encryption Algorithm pop-up menu specifies the IKE Phase 1 encryption algorithm, and may be either DES (the default) or 3DES.

The Hash Algorithm pop-up menu specifies the IKE Phase 1 hash algorithm, and may be either SHA1 (the default) or MD5.

The Diffie-Hellman Group pop-up menu specifies the IKE Phase 1 Diffie-Hellman key exchange size, and may be either Group 1 (768 bits), Group 2 (1024 bits) (the default), or Group 5 (1536 bits).

If you select Xauth Options the Xauth Options screen appears.
