Virtual Private Networking
Figure 9-18: Phase 2 settings page
Set the length of time before Phase 2 is renegotiated in the Key lifetime (m) field. The length may vary between 1 and 1440 minutes. For most applications 60 minutes is recommended. In this example, leave the Key Lifetime as the default value of 60 minutes.

Select a Phase 2 Proposal. Any combination of the ciphers, hashes and Diffie Hellman groups that the SnapGear supports can be selected. The supported ciphers are DES, 3DES and AES (128, 196 and 256 bits). The supported hashes are MD5 and SHA, and the supported Diffie Hellman groups are 1 (768 bit), 2 (1024 bit) and 5 (1536 bit). The SnapGear also supports extensions to the Diffie Hellman groups to include 2048, 3072 and 4096 bit Oakley groups. Perfect Forward Secrecy is enabled if a Diffie Hellman group or an extension is chosen. Phase 2 can also be configured without a Diffie Hellman group, in which case Perfect Forward Secrecy is not enabled. Perfect Forward Secrecy of keys provides greater security and is the recommended setting. In this example, select the 3DES-SHA-Diffie Hellman Group 2 (1024 bit) option.

Define the Local Network behind the SnapGear appliance that is to have access through the tunnel. In this example, enter 192.168.2.0 / 255.255.255.0 in the field.

Define the Remote Network behind the remote party that is to have access through the tunnel. In this example, enter 192.168.1.0 / 255.255.255.0 in the field.

Click the Apply button to save the tunnel configuration.
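
The Phase 2 values described above can be checked before they are applied. The following Python is an added example, not part of the SnapGear manual or firmware: it checks the key lifetime range, derives from the proposal label whether Perfect Forward Secrecy is enabled, and confirms the local and remote networks do not overlap. The function names, the label format for a proposal without a Diffie Hellman group, the overlap check and the list of legacy options are assumptions made for this example.

```python
import ipaddress
import re

LIFETIME_MIN, LIFETIME_MAX = 1, 1440   # minutes, range stated in the manual
CIPHERS = {"DES", "3DES", "AES"}       # ciphers listed in the manual
HASHES = {"MD5", "SHA"}                # hashes listed in the manual
# Added judgement, not the manual's: options widely treated as legacy.
LEGACY = {"DES", "MD5", "Group 1"}

# Assumed label format, modelled on "3DES-SHA-Diffie Hellman Group 2 (1024 bit)".
PROPOSAL_RE = re.compile(
    r"^(?P<cipher>\w+)-(?P<hash>\w+)(?:-Diffie Hellman Group (?P<group>\d+))?")


def parse_network(field):
    """Parse an 'address / netmask' field; raises ValueError if malformed."""
    addr, mask = (part.strip() for part in field.split("/"))
    return ipaddress.ip_network(f"{addr}/{mask}")


def check_phase2(lifetime, proposal, local_field, remote_field):
    """Return (pfs_enabled, findings) for one tunnel's Phase 2 settings."""
    findings = []
    if not LIFETIME_MIN <= lifetime <= LIFETIME_MAX:
        findings.append(f"key lifetime {lifetime} min is outside 1-1440")
    pfs = False
    m = PROPOSAL_RE.match(proposal)
    if not m or m["cipher"] not in CIPHERS or m["hash"] not in HASHES:
        findings.append(f"unrecognised proposal {proposal!r}")
    else:
        pfs = m["group"] is not None   # PFS only when a DH group is chosen
        if not pfs:
            findings.append("no Diffie Hellman group: PFS is not enabled")
        chosen = {m["cipher"], m["hash"], f"Group {m['group']}"}
        findings += [f"legacy option: {x}" for x in sorted(chosen & LEGACY)]
    local, remote = parse_network(local_field), parse_network(remote_field)
    if local.overlaps(remote):
        findings.append(f"local {local} overlaps remote {remote}")
    return pfs, findings


if __name__ == "__main__":
    # The values used in this page's example tunnel.
    print(check_phase2(60, "3DES-SHA-Diffie Hellman Group 2 (1024 bit)",
                       "192.168.2.0 / 255.255.255.0",
                       "192.168.1.0 / 255.255.255.0"))
```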