10 SVG2500 VPN PAGES
Field | Description |
IPsec Settings | With VPN tunnels, there are two phases of Security Association |
| (SA). Phase 1 is used to create an IKE SA. After Phase 1 is |
| completed, Phase 2 is used to create one or more IPSEC SAs, |
| which are then used to key IPSEC sessions. |
| If one side of the VPN tunnel is using a unique firewall identifier (or |
| |
| entered in the |
Phase 1 DH group | There are three |
| 1024 bits, and 1536 bits. |
| |
| private keys for encryption and decryption. The higher the number |
| of bits selected from the options list, the more secure the |
| encryption. Options: Group 1 (768 bits), Group 2 (1024 bits), or |
| Group 5 (1536 bits). |
Phase 1 encryption | Encryption is used to secure the VPN connection between |
| endpoints. Five different types of encryption are available: DES, |
| 3DES, |
| may be selected as long as the far endpoint matches. One of the |
| more common settings here is 3DES; however, AES is also a very |
| strong encryption method. |
Phase 1 authentication | Authentication acts as another level of security. The two types of |
| authentication available are MD5 and SHA. SHA is recommended |
| because it is more secure. Either authentication type may be used |
| as long as the other end of the VPN tunnel uses the same method. |
Phase 1 SA lifetime | Specifies the lifetime of individual rotating keys. |
| Enter the desired number of seconds for the key to last until a re- |
| key negotiation between each endpoint is negotiated. The default |
| setting is 28,800 seconds. |
| A smaller lifetime is generally more secure, since it would give an |
| attacker a smaller amount of time to try to crack the key, but key |
| negotiation does take up bandwidth, so network throughput will be |
| sacrificed with small lifetimes. Entries here are typically in the |
| thousands or tens of thousands of seconds. |
113