6: Networking
EMG™ Edge Management Gateway User Guide
ESP Encryption
The type of encryption, 3DES, AES, AES192 or AES256, used for encrypting the data sent through the tunnel. Any can be selected if the two sides can negotiate which type of encryption to use.
Note: If ESP Encryption, Authentication and DH Group are set to Any, default cipher suite(s) will be used. If the console manager acts as an initiator, the tunnel will use a default ESP cipher of aes128-sha256 (for IKEv1). For IKEv2 or when the console manager is the responder in tunnel initiation, it will propose a set of cipher suites and will accept the first supported proposal received from the peer. The proposal sent from the remote peer and the proposal used by the console manager can be viewed in the VPN logs. If there is no match between the two sets of proposals, the tunnel will fail with the message "no matching proposal found, sending NO_PROPOSAL_CHOSEN". If a matching proposal is found, tunnel negotiation will proceed. Below is an example of no matching proposal in the log messages:
charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SE
charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
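As an added example (not part of the user guide), the Python below parses the charon proposal lines shown above and reports which transform type has no overlap between the two sides; for this log it is the DH group, because the peer proposes ECP_256 and the configured set lists none. The function names are hypothetical and the matching rule is a simplified assumption, not the gateway's actual selection logic.

```python
import re

# Log lines from the example above (wrapped lines joined; the truncated
# last token of the configured line is kept as the page prints it).
SAMPLE_LOG = """\
charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SE
charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
"""
LINE_RE = re.compile(r"\[CFG\] (received|configured) proposals:\s*(.+)$")

def classify(token):
    # Integrity is tested first: AES_XCBC_96 is a MAC despite its AES prefix.
    if token.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integrity"
    if token.startswith(("MODP_", "ECP_")):
        return "dh_group"
    return "esn" if "EXT_SE" in token else "encryption"

def parse_proposals(log_text):
    """Return {'received': [...], 'configured': [...]}, each item {type: set(names)}."""
    sides = {"received": [], "configured": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # Assumed: several proposals logged on one line are comma-separated.
        for proposal in m.group(2).split(","):
            transforms = proposal.strip().partition(":")[2]  # drop the "ESP:" prefix
            by_type = {}
            for tok in filter(None, (t.strip() for t in transforms.split("/"))):
                by_type.setdefault(classify(tok), set()).add(tok)
            sides[m.group(1)].append(by_type)
    return sides

def mismatched_types(received, configured):
    # Assumed, simplified rule: a type matches when both sides omit it or share
    # a name. ESN is skipped because its token is truncated on the page.
    blocked = []
    for ttype in ("encryption", "integrity", "dh_group"):
        r, c = received.get(ttype, set()), configured.get(ttype, set())
        if (r or c) and not (r & c):
            blocked.append(ttype)
    return blocked

def diagnose(log_text):
    """One list of blocking transform types per received/configured proposal pair."""
    sides = parse_proposals(log_text)
    return [mismatched_types(r, c) for r in sides["received"] for c in sides["configured"]]
```

Calling diagnose(SAMPLE_LOG) returns one entry per proposal pair; an empty inner list means that pair has no blocking type under the simplified rule.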
ESP Authentication
The type of authentication, SHA2_256, SHA2_384, SHA2_512, SHA2_256_96, SHA1, or MD5, used for authenticating data sent through the tunnel. Any can be selected if the two sides can negotiate which type of authentication to use.
ESP DH Group
The Diffie-Hellman Group, 2 (modp1024), 5 (modp1536), 14 (modp2048),
15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19
(ecp256) can be used for the key exchange for data sent through the tunnel.
Any can be selected if the two sides can negotiate which Diffie-Hellman
Group to use.
Note: PFS is automatically enabled by configuring ESP Encryption to use a DH Group (ESP Encryption without a DH Group will disable PFS); see Perfect Forward Secrecy below.