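Aggressive mode with no user group

| Field | Server | Clients |
| --- | --- | --- |
| User Group | None | N/A |
| Mode | Aggressive | Aggressive |
| Authentication Key | The server and the clients must have the same authentication key. | The server and the clients must have the same authentication key. |
| Local ID | empty | empty |
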
Aggressive mode with a user group selected
In this configuration, the server and the clients use aggressive mode for key exchange. A user group is
selected in the server dialup remote gateway. The format of the authentication key depends on the
information in the Local ID field.
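
Aggressive mode with a user group selected

| Field | Server | Client configuration 1 | Client configuration 2 | Client configuration 3 |
| --- | --- | --- | --- | --- |
| User Group | Select a user group | N/A | N/A | N/A |
| Mode | Aggressive | Aggressive | Aggressive | Aggressive |
| Authentication Key | Server authentication key | Server authentication key | Server authentication key | Client's password. This password must be added to the server user database. |
| Local ID | empty | Client IP address | Client domain name | Other information in a different format. |
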
About DH groups
The Diffie-Hellman (DH) algorithm lets both ends of the VPN tunnel create the same shared secret key
without communicating the key across the Internet.
You can select DH group 1, 2, or 5. DH group 5 produces the most secure shared secret key and DH
group 1 produces the least secure key. However, DH group 1 is faster than DH group 5.
About the P1 proposal
AutoIKE key IPSec VPNs use a two-phase process for creating a VPN tunnel. During the first phase (P1), the
VPN gateways at each end of the tunnel negotiate to select a common algorithm for encryption and another
one for authentication. When you configure the remote gateway P1 proposal, you are selecting the algorithms
that the DFL-500 NPG proposes during phase 1 negotiation. You can select up to three different encryption
and authentication algorithm combinations. Choosing more combinations might make P1 negotiation
easier, but you can restrict the choice to one if required. For negotiation to be successful, both ends of
the VPN tunnel must have at least one encryption algorithm and one authentication algorithm in common.
• Select DES to propose to encrypt packets using DES encryption.
• Select 3DES to propose to encrypt packets using triple-DES encryption.
• Select MD5 to propose to use MD5 authentication.
• Select SHA1 to propose to use SHA1 authentication.
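
The following Python sketch is an added example, not code from the manual or from the DFL-500. It models P1 proposal matching for the four algorithms and the three-combination limit described above, and shows a misconfiguration where both ends list a common encryption algorithm and a common authentication algorithm but negotiation still fails. The function names, the sample proposals, and the rule that a combination matches only as a whole pair (as IKEv1 transforms do) are assumptions.

```python
# Added example: models phase 1 (P1) proposal matching between two gateways.
ENCRYPTION = {"DES", "3DES"}      # encryption options listed on this page
AUTHENTICATION = {"MD5", "SHA1"}  # authentication options listed on this page
MAX_COMBINATIONS = 3              # the page allows up to three combinations


def validate_proposal(combos):
    """Reject a proposal list that the rules on this page would not allow."""
    if not 1 <= len(combos) <= MAX_COMBINATIONS:
        raise ValueError("select between one and three combinations")
    for enc, auth in combos:
        if enc not in ENCRYPTION or auth not in AUTHENTICATION:
            raise ValueError(f"unsupported combination: {enc}-{auth}")
    return list(combos)


def negotiate_p1(initiator, responder):
    """Return the first initiator combination the responder also accepts.

    Assumption: a combination matches only as a whole (encryption,
    authentication) pair. Returns None when negotiation would fail.
    """
    offered = validate_proposal(initiator)
    accepted = set(validate_proposal(responder))
    for combo in offered:
        if combo in accepted:
            return combo
    return None


def shared_algorithms(initiator, responder):
    """Algorithms that both ends list, ignoring how they are paired."""
    enc = {e for e, _ in initiator} & {e for e, _ in responder}
    auth = {a for _, a in initiator} & {a for _, a in responder}
    return enc, auth


if __name__ == "__main__":
    # Constructed sample proposals, not taken from the manual.
    branch = [("3DES", "SHA1"), ("DES", "MD5")]
    head_office = [("3DES", "MD5"), ("3DES", "SHA1")]
    print("selected:", negotiate_p1(branch, head_office))
    # Both ends list DES and SHA1, but never as the same pair.
    a = [("DES", "MD5"), ("3DES", "SHA1")]
    b = [("DES", "SHA1")]
    print("shared:", shared_algorithms(a, b), "selected:", negotiate_p1(a, b))
```

When a tunnel fails in phase 1, comparing the two proposal lists pair by pair in this way is a quick first check before looking at keys or Local ID settings.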
DFL-500 User Manual