IPsec Profiles
To configure the IPSec Profiles, follow these steps:
Step 1  Select VPN > IPsec Profiles.
Step 2  In the IPSec Profiles Table, click Add.
Step 3  Under Add a New IPsec Profile, enter a name in the Profile Name section.
Step 4  Select the Keying Mode.
Step 5  For Auto Keying Mode, configure the following:
Phase 1 Options

Diffie-Hellman (DH) Group
Select a DH group (Group 2 or Group 5) from the drop-down list. DH is a key exchange
protocol, with two groups of different prime key lengths: Group 2 has up to 1,024 bits,
and Group 5 has up to 1,536 bits.
For faster speed and lower security, choose Group 2. For slower speed and higher
security, choose Group 5. Group 2 is selected by default.

Encryption
Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the
drop-down list. This method determines the algorithm used to encrypt or decrypt
ESP/ISAKMP packets.

Authentication
The authentication method determines how the Encapsulating Security Payload Protocol
(ESP) header packets are validated. MD5 is a one-way hashing algorithm that
produces a 128-bit digest. SHA1 is a one-way hashing algorithm that produces a
160-bit digest. SHA1 is recommended because it is more secure. Make sure that
both ends of the VPN tunnel use the same authentication method. Select an authentication
method (MD5, SHA1 or SHA2-256).

SA Lifetime (Sec)
Amount of time an IKE SA is active in this phase. The default value for Phase 1 is
28,800 seconds.

Perfect Forward Secrecy (PFS)
Check Enable to enable PFS and enter the lifetime in seconds, or uncheck Enable to
disable it.
When PFS is enabled, the IKE Phase 2 negotiation generates a new key for the IPSec
traffic encryption and authentication. Enabling this feature is recommended.

Phase 2 Options

Protocol Selection
Select a protocol from the drop-down list.
• ESP: Select ESP for data encryption and enter the encryption.
• AH: Select this for data integrity in situations where data is not secret but must
be authenticated.

Encryption
Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the
drop-down list. This method determines the algorithm used to encrypt or decrypt
ESP/ISAKMP packets.

Authentication
Select an authentication method (MD5, SHA1 or SHA2-256).

RV345/345P Administration Guide
VPN
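A review of two tunnel ends against the options in the table above, as an added example (not code from the Cisco guide): it flags the choices the guide describes as lower security and lists settings that differ between the peers. The dict layout, field names and the HQ/BRANCH profiles are constructed; the guide only says the authentication method must match on both ends, so the wider comparison and the 3DES finding are additions here.

```python
# Added example. Option values mirror the drop-downs in the table above;
# field names and the sample profiles are constructed, not a router export.
DH_BITS = {"Group 2": 1024, "Group 5": 1536}
DIGEST_BITS = {"MD5": 128, "SHA1": 160, "SHA2-256": 256}
# Algorithms negotiated between peers; lifetimes are left out on purpose.
MUST_MATCH = ("dh_group", "p1_encryption", "p1_authentication",
              "protocol", "p2_encryption", "p2_authentication")

def weak_choices(profile):
    """Return findings for options that are the weaker pick in each list."""
    findings = []
    if DH_BITS[profile["dh_group"]] < max(DH_BITS.values()):
        findings.append("dh_group: Group 2 trades security for speed")
    if not profile["pfs"]:
        findings.append("pfs: disabled, the guide recommends enabling it")
    uses_ah = profile["protocol"] == "AH"
    if uses_ah:
        findings.append("protocol: AH authenticates traffic but does not encrypt it")
    for phase in ("p1", "p2"):
        enc = profile[phase + "_encryption"]
        auth = profile[phase + "_authentication"]
        # Phase 2 encryption only applies when ESP is the selected protocol.
        if enc == "3DES" and not (phase == "p2" and uses_ah):
            findings.append(f"{phase}_encryption: 3DES is a legacy cipher, AES is stronger")
        if DIGEST_BITS[auth] == min(DIGEST_BITS.values()):
            findings.append(f"{phase}_authentication: MD5 has the shortest digest (128-bit)")
    return findings

def mismatches(local, remote):
    """Return the negotiated fields that differ between the two tunnel ends."""
    both_ah = local["protocol"] == remote["protocol"] == "AH"
    return [f for f in MUST_MATCH
            if local[f] != remote[f] and not (f == "p2_encryption" and both_ah)]

# Constructed sample profiles for the two ends of one tunnel.
HQ = {"dh_group": "Group 2", "p1_encryption": "AES-256",
      "p1_authentication": "SHA1", "p1_lifetime": 28800, "pfs": False,
      "protocol": "ESP", "p2_encryption": "3DES", "p2_authentication": "MD5"}
BRANCH = dict(HQ, dh_group="Group 5", pfs=True, p2_authentication="SHA2-256")

if __name__ == "__main__":
    for name, prof in (("HQ", HQ), ("BRANCH", BRANCH)):
        for finding in weak_choices(prof):
            print(f"{name}: {finding}")
    print("differs between ends:", mismatches(HQ, BRANCH))
```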