51
Web User Interface
DH1
- use a 768-bit random number
DH2
- use a 1024-bit random number
DH5 – user a 1536-bit random number
Phase 1 encryption
Select which key size and encryption algorithm to use for
data communications. Choices are:
DES
- a 56-bit key with the DES encryption algorithm
3DES
- a 168-bit key with the DES encryption algorithm
wireless router and the remote IPSec router must use the
same algorithms and key , which can be used to encrypt
and decrypt the message or to generate and verify a
message authentication code. Longer keys require more
processing power, resulting in increased latency and
decreased throughput.
AES
- Advanced Encryption Standard is a newer method of
data encryption that also uses a secret key. This
implementation of AES applies a 128-bit key to 128-bit
blocks of data. AES is faster than 3DES. Here you can have
the choice
AES-128, AES-192, AES-256
Phase 1 authentication
Select which hash algorithm to use to authenticate packet
data in the IKE SA. Choices are
SHA1
and
MD5
.
SHA1
is
generally considered stronger than
MD5
, but it is also
slower.
MD5 (Message Digest 5) produces a 128-bit digest to
authenticate packet data.
SHA1 (Secure Hash Algorithm) produces a 160-bit digest to
authenticate packet data.
Phase 1 SA lifetime
Define the length of time before an IKE SA automatically
renegotiates in this field. It may range from 120 to 86400
seconds. A short SA Life Time increases security by forcing
the two VPN gateways to update the encryption and
authentication keys. However, every time the VPN tunnel
renegotiates, all users accessing remote resources are
temporarily disconnected.
Phase 2 encryption
Select which key size and encryption algorithm to use for
U10C019/U10C020