Warning

The secret must be entered identically at each end of the tunnel. The tunnel will fail to connect if the secret is not identical at both ends. The secret is a highly sensitive piece of information. It is essential to keep this information confidential. Communications over the IPSec tunnel may be compromised if this information is divulged.

Select a Phase 1 Proposal. Any combination of the ciphers, hashes and Diffie Hellman groups that the CyberGuard SG appliance supports can be selected. The supported ciphers are DES (56 bits), 3DES (168 bits) and AES (128, 196 and 256 bits). The supported hashes are MD5 and SHA and the supported Diffie Hellman groups are 1 (768 bit), 2 (1024 bit) and 5 (1536 bits). The CyberGuard SG appliance also supports extensions to the Diffie Hellman groups to include 2048, 3072 and 4096 bit Oakley groups. In this example, select the 3DES-SHA-Diffie Hellman Group 2 (1024 bit) option. Click the Continue button to configure the Phase 2 Settings.

Other options

The following options will become available on this page depending on what has been configured previously:

Local Public Key field is the public part of the RSA key generated for RSA Digital Signatures authentication. These fields are automatically populated and do not need to be modified unless a different RSA key is to be used. This key must be entered in the Remote Public Key field of the remote party's tunnel configuration. This field appears when RSA Digital Signatures has been selected.

Remote Public Key field is the public part of the remote party's RSA Key generated for RSA Digital Key authentication. This field must be populated with the remote party's public RSA key. This field appears when RSA Digital Signatures has been selected.

Modulus, Public Exponent, Private Exponent, Prime1, Prime2, Exponent1, Exponent2 and Coefficient fields constitute the private part of the RSA key. These fields are automatically populated and do not need to be modified unless a different RSA key is to be used. This field appears when RSA Digital Signatures has been selected.

Local Certificate pull down menu contains a list of the local certificates that have been uploaded for x.509 authentication. Select the required certificate to be used to negotiate the tunnel. This field appears when x.509 Certificates has been selected.

130

Virtual Private Networking

Page 133 Page 135
Page 134
Image 134
SnapGear 2.0.1 user manual Other options, Virtual Private Networking
Page 133 Page 135
Top Page Image Contents