| IKE Proposal
(Phase 1) |
|
Name
|
The name of the proposal.
|
Enter a name.
|
|
Authentication algorithm
|
The Authentication Header (AH) algorithm the device uses to
verify the authenticity and integrity of a packet. Supported algorithms
include the following:
-
md5—Produces a 128-bit digest.
-
sha1—Produces a 160-bit digest.
-
sha-256—Produces a 256-bit digest.
|
Select an algorithm.
|
|
Authentication method
|
The method the device uses to authenticate the source of Internet
Key Exchange (IKE) messages. Options include:
- pre-shared-keys—Key for encryption and decryption
that both participants must have before beginning tunnel negotiations.
- rsa-key—Kinds of digital signatures, which are certificates
that confirm the identity of the certificate holder.
|
Select an authentication method.
|
|
Description
|
Easy identification of the proposal.
|
Enter brief description of the IKE proposal.
|
|
Dh group
|
The Diffie-Hellman exchange allows participants to produce a
shared secret value over an unsecured medium without actually transmitting
the value across the connection.
|
Select a group. If you configure multiple (up to four) proposals
for Phase 1 negotiations, use the same Diffie-Hellman group in all
proposals.
|
|
Encryption altorithm
|
Supported Internet Key Exchange (IKE) proposals include the
following:
- 3des-cbc—3DES-CBC encryption algorithm.
- aes-128-cbc—AES-CBC 128-bit encryption algorithm.
- aes-192-cbc—AES-CBC 192-bit encryption algorithm.
- aes-256-cbc—AES-CBC 256-bit encryption algorithm.
- des-cbc—DES-CBC encryption algorithm.
|
Select an encryption algorithm.
|
|
Lifetime seconds
|
The
lifetime (in seconds) of an IKE security association (SA). When the
SA expires, it is replaced by a new SA and security parameter index
(SPI) or terminated.
|
Select
a lifetime for the IKE SA.
Default: 3,600 seconds.
Range: 180 through 86,400 seconds.
|
