IKE Proposal (Phase 1) |
Name
|
The name of the proposal.
|
Enter a name.
|
Authentication algorithm
|
The Authentication Header (AH) algorithm the device uses to verify the authenticity and integrity of a packet. Supported algorithms include the following:
- md5—Produces a 128-bit digest.
- sha1—Produces a 160-bit digest.
- sha-256—Produces a 256-bit digest.
Note: The sha-256 authentication algorithm is not supported with the dynamic VPN feature.
|
Select an algorithm.
|
Authentication method
|
The method the device uses to authenticate the source of Internet Key Exchange (IKE) messages. Options include:
- pre-shared-keys—A key for encryption and decryption that both participants must have before beginning tunnel negotiations.
- rsa-key—A kind of digital signature, which is a certificate that confirms the identity of the certificate holder.
|
Select an authentication method.
|
Description
|
A description that makes the proposal easy to identify.
|
Enter a brief description of the IKE proposal.
|
Dh group
|
The Diffie-Hellman exchange allows participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection.
|
Select a group. If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals.
|
Encryption algorithm
|
Supported encryption algorithms for Internet Key Exchange (IKE) proposals include the following:
- 3des-cbc—3DES-CBC encryption algorithm.
- aes-128-cbc—AES-CBC 128-bit encryption algorithm.
- aes-192-cbc—AES-CBC 192-bit encryption algorithm.
- aes-256-cbc—AES-CBC 256-bit encryption algorithm.
- des-cbc—DES-CBC encryption algorithm.
|
Select an encryption algorithm.
|
Lifetime seconds
|
The lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated.
|
Select a lifetime for the IKE SA.
Default: 3,600 seconds.
Range: 180 through 86,400 seconds.
|
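
The constraints in this table (the listed options, the dynamic VPN restriction on sha-256, one Diffie-Hellman group across up to four proposals, and the lifetime range) can be checked before a proposal set is committed. The Python script below is an added example, not Juniper code; the dictionary field names and the sample proposals are constructed, and treating md5, des-cbc and 3des-cbc as weak is an assumption taken from general cryptographic guidance, not something the table states.

```python
# Added example: audit IKE Phase 1 proposals against the constraints in the table above.
# The dict keys are hypothetical names that mirror the table's field labels.

AUTH_ALGS = {"md5", "sha1", "sha-256"}
AUTH_METHODS = {"pre-shared-keys", "rsa-key"}
ENC_ALGS = {"3des-cbc", "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", "des-cbc"}
# Assumption (general cryptographic guidance, not stated in the table):
WEAK = {"md5", "des-cbc", "3des-cbc"}
LIFETIME_RANGE = (180, 86400)   # seconds, from the "Lifetime seconds" row
MAX_PROPOSALS = 4               # from the "Dh group" row


def audit(proposals, dynamic_vpn=False):
    """Return a list of (proposal_name, severity, message) findings."""
    findings = []
    if len(proposals) > MAX_PROPOSALS:
        findings.append(("*", "error", f"{len(proposals)} proposals; at most {MAX_PROPOSALS} allowed"))
    # All Phase 1 proposals are expected to share one Diffie-Hellman group.
    if len({p.get("dh_group") for p in proposals}) > 1:
        findings.append(("*", "error", "proposals use different Diffie-Hellman groups"))
    for p in proposals:
        name = p.get("name", "<unnamed>")
        for field, allowed in (("auth_alg", AUTH_ALGS), ("auth_method", AUTH_METHODS), ("enc_alg", ENC_ALGS)):
            value = p.get(field)
            if value not in allowed:
                findings.append((name, "error", f"{field}={value!r} is not a listed option"))
            elif value in WEAK:
                findings.append((name, "warn", f"{field}={value} is a weak algorithm"))
        if dynamic_vpn and p.get("auth_alg") == "sha-256":
            findings.append((name, "error", "sha-256 is not supported with dynamic VPN"))
        lifetime = p.get("lifetime_seconds", 3600)  # table default when unset
        if not LIFETIME_RANGE[0] <= lifetime <= LIFETIME_RANGE[1]:
            findings.append((name, "error", f"lifetime {lifetime}s outside 180-86400"))
    return findings


# Constructed sample input (not from the page); the group names are sample values.
SAMPLE = [
    {"name": "legacy", "auth_alg": "md5", "auth_method": "pre-shared-keys",
     "enc_alg": "des-cbc", "dh_group": "group2", "lifetime_seconds": 120},
    {"name": "modern", "auth_alg": "sha-256", "auth_method": "rsa-key",
     "enc_alg": "aes-256-cbc", "dh_group": "group14", "lifetime_seconds": 28800},
]

if __name__ == "__main__":
    for name, severity, message in audit(SAMPLE, dynamic_vpn=True):
        print(f"{severity:5} {name:8} {message}")
```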