Chapter 12 Scenario: Site-to-Site VPN Configuration
Implementing the Site-to-Site Scenario
12-8
Cisco ASA 5500 Series Getting Started Guide
78-19186-01
Configuring IPsec Encryption and Authentication Parameters
In Step 4 of the VPN Wizard, perform the following steps:
Step 1
Choose the encryption algorithm (DES/3DES/AES) from the Encryption
drop-down list, and the authentication algorithm (MD5/SHA) from the
Authentication drop-down list.
Step 2
Check the
Enable Perfect Forwarding Secrecy (PFS)
check box to specify
whether to use perfect forwarding secrecy, and the size of the numbers to use from
the Diffie-Hellman Group drop-down list, in generating Phase 2 IPsec keys.
PFS is a cryptographic concept where each new key is unrelated to any previous
key. In IPsec negotiations, Phase 2 keys are based on Phase 1 keys unless PFS is
enabled. PFS uses Diffie-Hellman techniques to generate the keys.
Содержание 5510 - ASA SSL / IPsec VPN Edition
Страница 10: ...Contents x Cisco ASA 5500 Series Getting Started Guide 78 19186 01 ...
Страница 42: ...Chapter 3 Installing the ASA 5550 What to Do Next 3 20 Cisco ASA 5500 Series Getting Started Guide 78 19186 01 ...
Страница 106: ...Chapter 8 Scenario DMZ Configuration What to Do Next 8 24 Cisco ASA 5500 Series Getting Started Guide 78 19186 01 ...
Страница 182: ...Chapter 13 Configuring the AIP SSM What to Do Next 13 16 Cisco ASA 5500 Series Getting Started Guide 78 19186 01 ...