Chapter 13 VPN
Table 37 IPSec VPN: Add
LABEL | DESCRIPTION |
Encryption | Select which key size and encryption algorithm to use in the IKE SA. Choices |
Algorithm | are: |
| DES - a |
| 3DES - a |
| AES128 - a |
| AES192 - a |
| AES256 - a |
| The LTE Device and the remote IPSec router must use the same key size and |
| encryption algorithm. Longer keys require more processing power, resulting in |
| increased latency and decreased throughput. |
|
|
Authentication | Select which hash algorithm to use to authenticate packet data. Choices are |
Algorithm | MD5, SHA1, |
| than MD5, but it is also slower. |
|
|
DH | Select which |
| Choices are: |
| |
| |
| |
| The longer the key, the more secure the encryption, but also the longer it takes |
| to encrypt and decrypt information. Both routers must use the same DH key |
| group. |
|
|
SA Life Time | Define the length of time before an IPSec SA automatically renegotiates in this |
| field. |
| A short SA Life Time increases security by forcing the two VPN gateways to |
| update the encryption and authentication keys. However, every time the VPN |
| tunnel renegotiates, all users accessing remote resources are temporarily |
| disconnected. |
|
|
Phase 2 |
|
|
|
Encryption | Select which key size and encryption algorithm to use in the IKE SA. Choices |
Algorithm | are: |
| DES - a |
| 3DES - a |
| AES128 - a |
| AES192 - a |
| AES256 - a |
| The LTE Device and the remote IPSec router must use the same key size and |
| encryption algorithm. Longer keys require more processing power, resulting in |
| increased latency and decreased throughput. |
|
|
Authentication | Select which hash algorithm to use to authenticate packet data. Choices are |
Algorithm | MD5, SHA1, |
| than MD5, but it is also slower. |
|
|
90 |
|
LTE6100 User’s Guide | |
|
|