Virtual Private Networking
130
Warning
The secret must be entered identically at each end of the tunnel. The tunnel will fail to
connect if the secret is not identical at both ends. The secret is a highly sensitive piece of
information. It is essential to keep this information confidential. Communications over
the IPSec tunnel may be compromised if this information is divulged.
Select a Phase 1 Proposal. Any combination of the ciphers, hashes and Diffie Hellman
groups that the CyberGuard SG appliance supports can be selected. The supported
ciphers are DES (56 bits), 3DES (168 bits) and AES (128, 196 and 256 bits). The
supported hashes are MD5 and SHA and the supported Diffie Hellman groups are 1 (768
bit), 2 (1024 bit) and 5 (1536 bits). The CyberGuard SG appliance also supports
extensions to the Diffie Hellman groups to include 2048, 3072 and 4096 bit Oakley
groups. In this example, select the 3DES-SHA-Diffie Hellman Group 2 (1024 bit)
option. Click the Continue button to configure the Phase 2 Settings.
Other options
The following options will become available on this page depending on what has been
configured previously:
•
Local Public Key field is the public part of the RSA key generated for RSA Digital
Signatures authentication. These fields are automatically populated and do not
need to be modified unless a different RSA key is to be used. This key must be
entered in the Remote Public Key field of the remote party's tunnel configuration.
This field appears when RSA Digital Signatures has been selected.
•
Remote Public Key field is the public part of the remote party's RSA Key
generated for RSA Digital Key authentication. This field must be populated with
the remote party's public RSA key. This field appears when RSA Digital
Signatures has been selected.
•
Modulus, Public Exponent, Private Exponent, Prime1, Prime2, Exponent1,
Exponent2 and Coefficient fields constitute the private part of the RSA key.
These fields are automatically populated and do not need to be modified unless a
different RSA key is to be used. This field appears when RSA Digital Signatures
has been selected.
•
Local Certificate pull down menu contains a list of the local certificates that have
been uploaded for x.509 authentication. Select the required certificate to be used
to negotiate the tunnel. This field appears when x.509 Certificates has been
selected.