Prestige 334 User’s Guide
Table 52 VPN IKE: Advanced
LABEL | DESCRIPTION |
Peer Content | The configuration of the peer content depends on the peer ID type. |
| • For IP, type the IP address of the computer with which you will make the |
| VPN connection. If you configure this field to 0.0.0.0 or leave it blank, the |
| Prestige will use the address in the Secure Gateway Address field (refer |
| to the Secure Gateway Address field description). |
| • For DNS or |
| identify the remote IPSec router. Use up to 31 ASCII characters including |
| spaces, although trailing spaces are truncated. The domain name or |
| address is for identification purposes only and can be any string. |
| It is recommended that you type an IP address other than 0.0.0.0 or use the |
| DNS or |
| • When there is a NAT router between the two IPSec routers. |
| • When you want the Prestige to distinguish between VPN connection requests |
| that come in from remote IPSec routers with dynamic WAN IP addresses. |
IKE Phase 1 | A phase 1 exchange establishes an IKE SA (Security Association). |
Negotiation Mode | Select Main or Aggressive from the |
| negotiation mode should be identical to that on the remote secure gateway. |
Encryption Algorithm | Select DES or 3DES from the |
| algorithm should be identical to the secure remote gateway. When DES is |
| used for data communications, both sender and receiver must know the same |
| secret key, which can be used to encrypt and decrypt the message. The DES |
| encryption algorithm uses a |
| DES that uses a |
| also requires more processing power, resulting in increased latency and |
| decreased throughput. |
Authentication Algorithm | Select SHA1 or MD5 from the |
| authentication algorithm should be identical to the secure remote gateway. |
| MD5 (Message Digest 5) and SHA1 (Secure Hash Algorithm) are hash |
| algorithms used to authenticate the source and integrity of packet data. The |
| SHA1 algorithm is generally considered stronger than MD5, but is slower. |
| Select |
SA Life Time | Define the length of time before an IKE SA automatically renegotiates in this |
| field. It may range from 60 to 3,000,000 seconds (almost 35 days). A short SA |
| Life Time increases security by forcing the two VPN gateways to update the |
| encryption and authentication keys. However, every time the VPN tunnel |
| renegotiates, all users accessing remote resources are temporarily |
| disconnected. |
Key Group | You must choose a key group for phase 1 IKE setup. DH1 (default) refers to |
| |
| Group 2 a 1024 bit (1Kb) random number. |
Type your | |
| communicating party during a phase 1 IKE negotiation. It is called |
| "pre-shared" because you have to share it with another party before you can |
| communicate with them over a secure connection. |
IKE Phase 2 | A phase 2 exchange uses the IKE SA established in phase 1 to negotiate the |
| SA for IPSec. |
Encapsulation Mode | Select Tunnel mode or Transport mode from the drop down |
| Prestige's encapsulation mode should be identical to the secure remote |
| gateway. |
Chapter 15 VPN Screens
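
The constraints in Table 52 (the listed options for each field, the 60 to 3,000,000 second SA Life Time range, and the fields that should be identical on the remote gateway) can be checked before a tunnel is brought up. The Python below is an added example, not part of the User's Guide or the Prestige firmware; the dictionary keys and the LOCAL/REMOTE sample settings are constructed for illustration.

```python
# Added example: audit IKE settings against the constraints in Table 52.
# Dictionary keys are hypothetical names, not the Prestige's own config format.
ALLOWED = {
    "negotiation_mode": {"Main", "Aggressive"},
    "encryption": {"DES", "3DES"},
    "authentication": {"SHA1", "MD5"},
    "key_group": {"DH1", "DH2"},
    "encapsulation": {"Tunnel", "Transport"},
}
SA_LIFE_MIN, SA_LIFE_MAX = 60, 3_000_000  # seconds, from the SA Life Time row
# Fields the table says should be identical on the remote gateway.
MUST_MATCH = ("negotiation_mode", "encryption", "authentication", "encapsulation")
# field -> (weaker option, stronger option offered on the same screen)
PREFER = {"encryption": ("DES", "3DES"),
          "authentication": ("MD5", "SHA1"),
          "key_group": ("DH1", "DH2")}


def audit_proposal(cfg):
    """Return (severity, field, message) findings for one gateway's settings."""
    findings = []
    for field, allowed in ALLOWED.items():
        if cfg.get(field) not in allowed:
            findings.append(("error", field,
                             f"{cfg.get(field)!r} not in {sorted(allowed)}"))
    life = cfg.get("sa_life_time")
    if not isinstance(life, int) or not SA_LIFE_MIN <= life <= SA_LIFE_MAX:
        findings.append(("error", "sa_life_time",
                         f"{life!r} outside {SA_LIFE_MIN}-{SA_LIFE_MAX} seconds"))
    for field, (weak, strong) in PREFER.items():
        if cfg.get(field) == weak:
            findings.append(("warn", field, f"{weak} selected; prefer {strong}"))
    return findings


def compare_peers(local, remote):
    """Return the MUST_MATCH fields whose values differ between the two ends."""
    return [f for f in MUST_MATCH if local.get(f) != remote.get(f)]


# Constructed sample settings for two gateways (not taken from the guide).
LOCAL = {"negotiation_mode": "Main", "encryption": "DES", "authentication": "MD5",
         "key_group": "DH1", "sa_life_time": 28800, "encapsulation": "Tunnel"}
REMOTE = {"negotiation_mode": "Main", "encryption": "3DES", "authentication": "SHA1",
          "key_group": "DH2", "sa_life_time": 30, "encapsulation": "Tunnel"}

if __name__ == "__main__":
    for name, cfg in (("local", LOCAL), ("remote", REMOTE)):
        for finding in audit_proposal(cfg):
            print(name, *finding)
    print("mismatched with peer:", compare_peers(LOCAL, REMOTE))
```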