95[For assistance, please call: 1-800-272-7033]
Operating Instructions
Functions
Phase 1 Setup
Phase 2 Setup
Note
You cannot select NULL for Encryption and None for Hash simultaneously in phase 2.
Conversion Mode Set the IKE phase 1 conversion mode to Main or Aggressive. The
key conversion procedure for Aggressive is simpler but security is
slightly reduced.
Life Time Set the IKE SA lifetime. The time must be set between 5 minutes and
2400 hours.
Proposal Entry Set whether to Enable or Disable this proposal. Proposals that are
disabled will not be proposed.
Proposal Encryption Set the method of encryption used in phase 1. Select an encryption
method from DES, 3DES, AES (128 bit), AES (192 bit), and AES
(256 bit).
Proposal Hash Set the authentication algorithm (hash). Select from MD5 and SHA-
1.
Proposal DH Group Set the DH (Diffie-Hellman) group used in phase 1. Select between 1
and 2. DH group 2 is has increased security compared to DH group
1, but group 1 is not weak. When the conversion mode is set to
Aggressive, both IPsec devices must have the same DH group set.
Life Time Set the IPsec SA lifetime. The time must be set between 5 minutes
and 2400 hours.
PFS Set whether to enable PFS (Perfect Forward Security) in phase 2.
Select from Enable DH Group 2, Enable DH Group 1, and Disable.
When Enable Group 2 is selected, the Diffie-Hellman exchange is re-
performed in phase 2, and DH Group 2 creates a secret shared key.
When Enable Group 1 is selected, the Diffie-Hellman exchange is re-
performed in phase 2, and DH Group 1 creates a secret shared key.
When Disabled is selected, the secret shared key created in phase 1
is used in phase 2. Security is increased when PFS is enabled rather
than disabled.
Proposal Entry Set whether to Enable or Disable this proposal. Proposals that have
Disable set will not be proposed.
Proposal Encryption Set the method of encryption. Select an encryption method from
DES, 3DES, AES (128 bit), AES (192 bit), AES (256 bit) and NULL.
Proposal Hash Set the authentication algorithm (hash). Select from MD5, SHA-1,
and None (authentication algorithm not used).