Configure Security
Section: Key Management (continued)

Field Description

Select one of the following options for the key exchange method:

Auto (IKE)
– Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method.
– Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method.
    MD5: A one-way hashing algorithm that produces a 128-bit digest
    SHA: A one-way hashing algorithm that produces a 160-bit digest
– Perfect Forward Secrecy (PFS): If PFS is enabled, IKE Phase 2 negotiation will generate new key material for IP traffic encryption and authentication. Note that both sides must have PFS enabled.
– Pre-Shared Key: IKE uses the Pre-Shared Key to authenticate the remote IKE peer. Both character and hexadecimal values are acceptable in this field, e.g., "My_@123" or "0x4d795f40313233". Note that both sides must use the same Pre-Shared Key.
– Key Lifetime: This field specifies the lifetime of the IKE-generated key. If the time expires, a new key will be renegotiated automatically. The Key Lifetime may range from 300 to 100,000,000 seconds. The default lifetime is 3600 seconds.

Manual
– Encryption: The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. Notice that both sides must use the same method.
– Encryption Key: This field specifies a key used to encrypt and decrypt IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Encryption Key.
– Authentication: The Authentication method authenticates the Encapsulating Security Payload (ESP) packets. Select MD5 or SHA. Notice that both sides (VPN endpoints) must use the same method.
    MD5: A one-way hashing algorithm that produces a 128-bit digest
    SHA: A one-way hashing algorithm that produces a 160-bit digest
– Authentication Key: This field specifies a key used to authenticate IP traffic. Both character and hexadecimal values are acceptable in this field. Note that both sides must use the same Authentication Key.
– Inbound SPI/Outbound SPI: The Security Parameter Index (SPI) is carried in the ESP header. This enables the receiver to select the SA, under which a packet should be processed. The SPI is a 32-bit value. Both decimal and hexadecimal values are acceptable, e.g., "987654321" or "0x3ade68b1". Each tunnel must have a unique Inbound SPI and Outbound SPI. No two tunnels share the same SPI. Note that the Inbound SPI must match the remote gateway's Outbound SPI, and vice versa.
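
The Manual-mode rules above (same methods and keys on both sides, 32-bit SPIs that cross-match and are not shared between tunnels) can be checked before a tunnel is saved. The following is an added example, not code from this guide or the device: the dictionary field names and the "3DES" method value are hypothetical, and it assumes a "0x" prefix marks a hexadecimal value while any other key is taken as ASCII characters.

```python
# Added example (not vendor code): pre-deployment checks for Manual key settings.
# Assumption: "0x" marks hexadecimal; any other key text is ASCII characters.

def parse_key(text):
    """Decode a key field entered as characters or as 0x-prefixed hex."""
    if text.lower().startswith("0x"):
        return bytes.fromhex(text[2:])  # ValueError on odd length or non-hex
    return text.encode("ascii")

def parse_spi(text):
    """Decode an SPI entered in decimal or 0x-prefixed hex; must fit in 32 bits."""
    value = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"SPI {text!r} does not fit in 32 bits")
    return value

def check_manual_pair(local, remote):
    """Return the Manual-mode settings on which two gateways disagree."""
    problems = []
    for field in ("encryption", "authentication"):
        if local[field] != remote[field]:
            problems.append(f"{field} method differs")
    for field in ("encryption_key", "authentication_key"):
        if parse_key(local[field]) != parse_key(remote[field]):
            problems.append(f"{field} differs")
    if parse_spi(local["inbound_spi"]) != parse_spi(remote["outbound_spi"]):
        problems.append("local inbound SPI != remote outbound SPI")
    if parse_spi(local["outbound_spi"]) != parse_spi(remote["inbound_spi"]):
        problems.append("local outbound SPI != remote inbound SPI")
    return problems

def duplicate_spis(tunnels):
    """Return SPI values that appear in more than one tunnel on a gateway."""
    seen, dupes = set(), set()
    for t in tunnels:
        for spi in {parse_spi(t["inbound_spi"]), parse_spi(t["outbound_spi"])}:
            (dupes if spi in seen else seen).add(spi)
    return sorted(dupes)

# Constructed sample settings; the two sides enter the same values in different forms.
LOCAL = {"encryption": "3DES", "authentication": "SHA",
         "encryption_key": "My_@123", "authentication_key": "auth-key-1",
         "inbound_spi": "987654321", "outbound_spi": "0x100"}
REMOTE = {"encryption": "3DES", "authentication": "SHA",
          "encryption_key": "0x4d795f40313233", "authentication_key": "auth-key-1",
          "inbound_spi": "256", "outbound_spi": "0x3ade68b1"}

if __name__ == "__main__":
    print(check_manual_pair(LOCAL, REMOTE), duplicate_spis([LOCAL]))
```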
4042592 Rev B