7.9.3 | IPSec Proposal
• IPSec Proposal index: A list of selected proposal indexes from the IPSec proposal pool.
The selected activity is performed when you select a proposal ID and click the Add to
button next to Proposal ID roll-down list. A maximum of four indexes can be selected
from the proposal pool for the dedicated tunnel.
• Proposal Name: The proposal name indicates which IPSec proposal will be monitored.
The first character of the name with the value of 0x00 stands for the IPSec proposal that
is not available.
• DH Group - Three groups can be selected:
o Group 1 (MODP768)
o Group 2 (MODP1024)
o Group 5 (MODP1536)
However, you can also select None.
• Encapsulation protocol - Two protocols can be selected:
o ESP
o AH
• Encryption algorithm - Two algorithms can be selected:
o 3DES
o DES
However, when the encapsulation protocol is set to AH, the encryption algorithm is
unnecessary.
• Authentication algorithm - Two algorithms can be selected:
o SHA1
o MD5
However, you can also select None.
• Life Time: The unit of Life time is based on the value of the life time unit, which can be
seconds or KB. If the value of the unit is seconds, the value of life time represents the
life time of the dedicated VPN tunnel between both end gateways. Its value can range
from 300 to 172,800 seconds. If the value of the unit is KB, the value of life time
represents the maximum allowable amount of transmitted packets through the dedicated
VPN tunnel between both end gateways. This value can range from 20,480 to 2,483,647
KB.
• Life Time Unit: The life time unit can be set to seconds or KB.
• Proposal ID: The identifier of the IPSec proposal can be selected for adding a
corresponding proposal to the dedicated tunnel. A total of ten proposals can be set in the
proposal pool. A maximum of four proposals from the pool can be applied to the
dedicated tunnel.
• “Add to” button: Click this button to add the selected proposal, shown in the proposal ID
field of the IPSec Proposal index list. The proposal shown in the index list will be used in
phase 2 of the IPSec negotiation for getting the IPSec SA of the dedicated tunnel.