218
Key Exchange Method:
Displays key exchange method.
Pre-Shared Key:
This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128
characters. Both sides should use the same key. IKE is used to establish a shared security policy
and authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can
be passed, each router must be able to verify the identity of its peer. This can be done by manually
entering the pre-shared key into both sides (router or hosts).
Local ID Type
and
Remote ID Type:
When the mode of phase 1 is aggressive, Local and Remote
peers can be identified by other IDs.
ID content:
Enter ID content the name you want to identify when the Local and Remote Type are
Domain Name; Enter ID content IP address you want to identify when the Local and Remote Type
are IP addresses (IPv4 and IPv6 supported).
Phase 1
Mode:
Select IKE mode from the drop-down menu:
Main
or
Aggressive
. This IKE provides
secured key generation and key management.
Encryption Algorithm:
Select the encryption algorithm from the drop-down menu. There are
several options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but
increase latency.
DES:
Stands for Triple Data Encryption Standard, it uses 56 bits as an encryption method.
3DES:
Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption
method.
AES:
Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as
encryption method.
Integrity Algorithm:
Authentication establishes the integrity of the datagram and ensures it is not
tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash
Algorithm (SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower.
MD5:
A one-way hashing algorithm that produces a 128
−
bit hash.
SHA1:
A one-way hashing algorithm that produces a 160
−
bit hash.
DH Group:
It is a public-key cryptography protocol that allows two parties to establish a shared
secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular
Exponentiation Groups.
SA Lifetime:
Specify the number of minutes that a Security Association (SA) will stay active before
new encryption and authentication key will be exchanged. Enter a value to issue an initial
connection request for a new VPN tunnel. Default is 480 minutes (28800 seconds). A short SA time
increases security by forcing the two parties to update the keys. However, every time when the VPN
tunnel re-negotiates, access through the tunnel will be temporarily disconnected.
Phase 2
Encryption Algorithm:
Select the encryption algorithm from the drop-down menu. There are
several options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but
increase latency.
Integrity Algorithm:
Authentication establishes the integrity of the datagram and ensures it is not
tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash
Algorithm (SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower.
DH Group:
It is a public-key cryptography protocol that allows two parties to establish a shared
secret over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular
Exponentiation Groups.
19216811.live