recommended setting unless the two firewalls have the same external IP address.
• IP - An IP address can be manually entered
• DNS - A DNS address can be manually entered
• Email - An email address can be manually entered
9.3.6. Algorithm Proposal Lists
To agree on the VPN connection parameters, a negotiation process is performed. As a result of the
negotiations, the IKE and IPsec security associations (SAs) are established. A proposal list of
supported algorithms is the starting point for the negotiation. Each entry in the list defines
parameters for a supported algorithm that the VPN tunnel end point device is capable of supporting
(the shorter term tunnel endpoint will also be used in this manual). The initial negotiation attempts
to agree on a set of algorithms that the devices at either end of the tunnel can support.
There are two types of proposal lists: IKE proposal lists and IPsec proposal lists. IKE lists are used
during IKE Phase-1 (IKE Security Negotiation), while IPsec lists are used during IKE Phase-2
(IPsec Security Negotiation).
Several algorithm proposal lists are already defined by default in NetDefendOS for different VPN
scenarios, and user-defined lists can be added.
Two IKE algorithm lists and two IPsec lists are already defined by default:
• High
This consists of a more restricted set of algorithms to give higher security. The complete list is
3DES, AES, Blowfish, MD5, SHA1.
• Medium
This consists of a longer set of algorithms. The complete list is 3DES, AES, Blowfish, Twofish,
CAST128, MD5, SHA1.
Example 9.1. Using an Algorithm Proposal List
This example shows how to create and use an IPsec Algorithm Proposal List for use in the VPN tunnel. It will
propose 3DES and DES as encryption algorithms. The hash functions SHA1 and MD5 will both be used in order to
check whether the data packet has been altered while being transmitted. Note that this example does not illustrate how to add
the specific IPsec tunnel object. It will also be used in a later example.
Command-Line Interface
First create a list of IPsec Algorithms:
gw-world:/> add IPsecAlgorithms esp-l2tptunnel
        DESEnabled=Yes
        DES3Enabled=Yes
        SHA1Enabled=Yes
        MD5Enabled=Yes
Then, apply the algorithm proposal list to the IPsec tunnel:
gw-world:/> set Interface IPsecTunnel MyIPsecTunnel
        IPsecAlgorithms=esp-l2tptunnel
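The following Python audit sketch is an added example, not part of the manual or of NetDefendOS. It parses the proposal list command from Example 9.1, reports which enabled algorithms RFC 8221 discourages for ESP, and shows which combinations a peer could agree on. It assumes only the four property names shown above, models negotiation as "an algorithm must appear in both lists", and uses constructed peer data.

```python
import re

# Property names exactly as they appear in the manual's CLI example.
PROPS = {
    "DESEnabled": ("enc", "DES"), "DES3Enabled": ("enc", "3DES"),
    "SHA1Enabled": ("auth", "SHA1"), "MD5Enabled": ("auth", "MD5"),
}
# RFC 8221 guidance for ESP: DES and HMAC-MD5 are MUST NOT, 3DES is SHOULD NOT.
WEAK = {"DES": "MUST NOT", "MD5": "MUST NOT", "3DES": "SHOULD NOT"}

# The command from Example 9.1, as typed at the CLI.
EXAMPLE_9_1 = """gw-world:/> add IPsecAlgorithms esp-l2tptunnel
    DESEnabled=Yes DES3Enabled=Yes SHA1Enabled=Yes MD5Enabled=Yes"""

# Constructed sample data: a legacy peer, and a local list with DES and MD5 removed.
LEGACY_PEER = {"enc": ["DES"], "auth": ["MD5"]}
HARDENED = {"enc": ["3DES"], "auth": ["SHA1"]}

def parse_proposal_list(cli_text):
    """Return (list name, enabled algorithms) from one 'add IPsecAlgorithms' command."""
    m = re.search(r"add\s+IPsecAlgorithms\s+(\S+)", cli_text)
    if not m:
        raise ValueError("no 'add IPsecAlgorithms' command found")
    algs = {"enc": [], "auth": []}
    for prop, value in re.findall(r"(\w+Enabled)=(\w+)", cli_text):
        if value.lower() == "yes" and prop in PROPS:
            kind, name = PROPS[prop]
            algs[kind].append(name)
    return m.group(1), algs

def audit(algs):
    """List every enabled algorithm that RFC 8221 discourages, with its status."""
    return sorted((a, WEAK[a]) for names in algs.values() for a in names if a in WEAK)

def possible_outcomes(local, peer):
    """Every (encryption, integrity) pair that both proposal lists contain."""
    return [(e, a) for e in local["enc"] if e in peer["enc"]
            for a in local["auth"] if a in peer["auth"]]

if __name__ == "__main__":
    name, algs = parse_proposal_list(EXAMPLE_9_1)
    print(name, algs)
    print("weak:", audit(algs))
    print("vs legacy peer:", possible_outcomes(algs, LEGACY_PEER))
    print("hardened vs legacy peer:", possible_outcomes(HARDENED, LEGACY_PEER))
```

With the Example 9.1 list, a peer that offers only DES and MD5 still finds a common proposal; with those two disabled, the same peer has nothing in common and the negotiation fails instead of settling on the weak pair.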
Web Interface
First create a list of IPsec Algorithms:
Chapter 9. VPN