CRADLEPOINT
CBR450| USER MANUAL Firmware ver. 3.3.0
© 2011
CRADLEPOINT, INC. PLEASE VISIT
HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/
FOR MORE HELP AND RESOURCES
PAGE 93
Encryption:
Used to encrypt messages sent and received by IPsec.
o
AES 128
o
AES 256
o
Blowfish
o
CAST
o
DES
o
3DES
Hash:
Used to compare, authenticate, and validate that data across the VPN arrives in its intended form and to
derive keys used by IPsec.
o
MD5
o
SHA1
o
SHA2 256
o
SHA2 384
o
SHA2 512
DH Groups:
The DH (Diffie-Hellman) Group is a property of IKE and is used to determine the length of prime
numbers associated with key generation. The strength of the key generated is partially determined by the strength
of the DH Group. Group 5, for instance, has greater strength than Group 2.
o
DH group 1: 768-bit key.
o
DH group 2: 1024-bit key.
o
DH group 5: 1536-bit key.
In Phase 1, only one DH group can be selected while using
Aggressive
exchange mode.
By default, all the algorithms (encryption, hash, and DH groups) supported by the CBR450 are checked, which means
they are
allowed
for any given exchange. Deselect these options to limit which algorithms will be accepted. Be sure to
check that the router (or similar device) at the other end of the tunnel has matching algorithms.
The algorithms are listed in order by priority. You can reorder this priority list by clicking and dragging algorithms up or
down. Any selected algorithm may be used for IKE exchange, but the algorithms on the top of the list are more likely to be
used more often.
Summary of Contents for CBR450
Page 1: ......