IKE Proposal
(Phase 1) |
Name
|
Name to identify the proposal.
|
Enter a name.
|
Authentication algorithm
|
Authentication Header (AH) algorithm the device uses to verify
the authenticity and integrity of a packet. Supported algorithms include
the following:
- md5—Produces a 128-bit digest.
- sha1—Produces a 160-bit digest.
- sha-256—Produces a 256-bit
digest.
|
Select an authentication algorithm.
|
Authentication method
|
Method the device uses to authenticate the source of Internet
Key Exchange (IKE) messages. The dynamic VPN feature only uses preshared
keys for authentication. With this method, both participants must
have the key before beginning tunnel negotiations.
|
No action is required. The device displays this information
for informational purposes only.
|
Description
|
Description of the proposal.
|
Enter a brief description of the Phase 1 proposal.
|
Dh group
|
Allow participants to produce a shared secret value over an
unsecured medium without actually transmitting the value across the
connection.
|
Select a Diffie-Hellman group. If you configure multiple (up
to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman
group in all proposals.
|
Encryption algorithm
|
Supported Internet Key Exchange (IKE) proposals include the
following:
- 3des-cbc—3DES-CBC encryption
algorithm
- aes-128-cbc—AES-CBC 128-bit
encryption algorithm
- aes-192-cbc—AES-CBC 192-bit
encryption algorithm
- aes-256-cbc—AES-CBC 256-bit
encryption algorithm
- des-cbc—DES-CBC encryption
algorithm
|
Select an encryption algorithm.
|
Lifetime seconds
|
Lifetime (in seconds) of an IKE security association (SA). When
the SA expires, it is either replaced by a new SA and security parameter
index (SPI) or the SA is terminated.
|
Select a lifetime for the IKE security association (SA). Range:
180 through 86,400 seconds. Default: 3,600 seconds.
|