Siemens 5890 manual Siemens

3.Select one of the following security protocols:

•AH (Authentication Header ) method, a security protocol that authenticates the sender of each data packet. If the AH protocol is selected, only packet authentication can be performed, not encryption. To select AH as the authentication method, select one of the following to use as the hashing algorithm for AH authentication from the AH Authentication Scheme drop-down menu:

-NONE: Requests no AH encapsulation.

-MD5: Requests AH encapsulation and authenticates using Message Digest 5.

-SHA1: Requests AH encapsulation and authenticates using Secure Hashing Algorithm 1.

•ESP (Encapsulating Security Payload) method, a security protocol that completely encapsulates and optionally encrypts user data and/or authenticates the sender of each data packet. If the ESP protocol is selected, encryption, authentication, or both encryption and authentication can be performed.. To select ESP as the authentication method, select one of the following to use as the hashing algorithm hashing algorithm for ESP authentication from the ESP Authentication Scheme drop-down menu.

-NONE: Requests no ESP encapsulation.

-MD5: Requests ESP encapsulation and authenticates using Message Digest 5.

-SHA1: Requests ESP encapsulation and authenticates using Secure Hashing Algorithm 1.

4.If you selected ESP authentication, select one of the following from the ESP Encryption Type drop-down menu to specify the algorithm to use to encrypt ESP IPSec packets:

-DES: Encrypts using a 56-bit key.

-3DES: Encrypts using three 56-bit keys to produce 168-bit encryption.

-NULL: ESP encapsulation, but no data encryption. ESP encapsulation verifies the source, but data is sent in the clear to increase throughput.

-NONE: No ESP encapsulation and no encryption is used.

5.From the IP Compression Method drop-down menu, select one of the following to specify the algorithm to to use to compress IPSec packets: LZS IP compression or None.

6.In Phase II Proposal Lifetime, enter the number of seconds after the IPSec SA expires. The default is 1800 seconds. Once this time is elapsed, the system will renegotiate the IKE connection.

7.In Phase II Proposal Life Data, enter the amount of data, measured in kilobytes, before the IPSec SA terminates. After the specified quantity of data has been transferred, the system will renegotiate the IKE connection. If zero is entered, the data quantity will be unlimited. By setting a limit on the amount of data transferred, the risk of a key becoming compromised is reduced.

8.Click Apply.