7
Tunneling Protocols
Figure 7-10: Configuration | System | Tunneling Protocols | IPSec | IKE Proposals screen
Cisco supplies default IKE proposals that you can use or modify; see Table 7-1. See Configuration | System
| Tunneling Protocols | IPSec | IKE Proposals | Add
Table 7-1: Cisco-supplied default IKE Proposals
Proposal
Name
Parameter
Authentication
Mode
Authentication
Algorithm
Encryption
Algorithm
Diffie-Hellman
Group
Lifetime
Measurement
Data Lifetime
Time Lifetime
7-20
IKE-3DES
IKE-3DES
-MD5
-MD5-DH1
Active by
Active by
default
default
Preshared Keys
Preshared Keys Preshared Keys
MD5/
MD5/
HMAC-128
HMAC-128
3DES-168
3DES-168
Group 2
Group 1
(1024-bits)
(768-bits)
Time
Time
KB
KB
10000
10000
(not relevant)
(not relevant)
sec
sec
86400
86400
for explanations of the parameters.
IKE-DES
IKE-3DES
-MD5
-MD5-RSA
Active by
Inactive by
default
default
RSA Digital
Certificate
MD5/
MD5/
HMAC-128
HMAC-128
DES-56
3DES-168
Group 1
Group 2
(768-bits)
(1024-bits)
Time
Time
KB
KB
10000
10000
(not relevant)
(not relevant)
sec
sec
86400
86400
IKE-3DES
IKE-3DES
-SHA-DSA
-MD5-RSA
-DH1
Inactive by
Inactive by
default
default
DSA Digital
RSA Digital
Certificate
Certificate
SHA/HMAC-160 MD5/
HMAC-128
3DES-168
3DES-168
Group 2
Group 1
(1024-bits)
(768-bits)
Time
Time
KB
KB
10000
10000
(not relevant)
(not relevant)
sec
sec
86400
86400
VPN 3000 Concentrator Series User Guide