SnapGear 2.0.1 User Manual


Virtual Private Networking

Phase 2 settings page

Figure 9-18

Set the length of time before Phase 2 is renegotiated in the Key lifetime (m) field. The
length may vary between 1 and 1440 minutes. For most applications 60 minutes is
recommended. In this example, leave the Key Lifetime as the default value of 60
minutes.

Select a Phase 2 Proposal. Any combination of the ciphers, hashes and Diffie Hellman
groups that the CyberGuard SG appliance supports can be selected. The supported
ciphers are DES, 3DES and AES (128, 196 and 256 bits). The supported hashes are
MD5 and SHA, and the supported Diffie Hellman groups are 1 (768 bit), 2 (1024 bit) and 5
(1536 bit). The CyberGuard SG appliance also supports extensions to the Diffie
Hellman groups to include 2048, 3072 and 4096 bit Oakley groups. Perfect Forward
Secrecy is enabled if a Diffie Hellman group or an extension is chosen. Phase 2 can also
be configured without a Diffie Hellman group, in which case Perfect Forward
Secrecy is not enabled. Perfect Forward Secrecy of keys provides greater security and is
the recommended setting. In this example, select the 3DES-SHA-Diffie Hellman Group
2 (1024 bit) option.

Define the Local Network behind the CyberGuard SG appliance that is to have access
through the tunnel. In this example, enter 192.168.2.0 / 255.255.255.0 in the field.

Define the Remote Network behind the remote party that is to have access through the
tunnel. In this example, enter 192.168.1.0 / 255.255.255.0 in the field.

Click the Apply button to save the tunnel configuration.
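The values entered on this page can be sanity-checked before both ends of the tunnel are configured. The following is an added example, not part of the manual or the appliance software: it checks the key lifetime range, the proposal components and the Perfect Forward Secrecy state described above, and normalises the two network fields. The function names and the network overlap check are assumptions made for this example.

```python
import ipaddress

# Values taken from the manual text above (AES key sizes are not checked here).
CIPHERS = {"DES", "3DES", "AES"}
HASHES = {"MD5", "SHA"}
DH_BITS = {768, 1024, 1536, 2048, 3072, 4096}  # groups 1, 2, 5 plus the Oakley extensions


def to_network(text):
    """Parse 'address / netmask' as typed into the Local/Remote Network field."""
    addr, mask = (part.strip() for part in text.split("/"))
    # strict=True rejects an address with host bits set (e.g. 192.168.2.1 with a /24 mask).
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)


def check_phase2(lifetime_min, cipher, hash_alg, dh_bits, local, remote):
    """Return (summary, problems) for one tunnel's Phase 2 settings.

    dh_bits is the Diffie Hellman group size in bits, or None if no group is selected.
    """
    problems = []
    if not 1 <= lifetime_min <= 1440:
        problems.append("key lifetime must be between 1 and 1440 minutes")
    if cipher not in CIPHERS:
        problems.append(f"unsupported cipher: {cipher}")
    if hash_alg not in HASHES:
        problems.append(f"unsupported hash: {hash_alg}")
    if dh_bits is None:
        problems.append("no Diffie Hellman group: Perfect Forward Secrecy is not enabled")
    elif dh_bits not in DH_BITS:
        problems.append(f"unsupported Diffie Hellman group size: {dh_bits}")
    pfs = dh_bits in DH_BITS

    nets = {}
    for name, text in (("local", local), ("remote", remote)):
        try:
            nets[name] = to_network(text)
        except ValueError as exc:
            problems.append(f"{name} network invalid: {exc}")
    # Added check (assumption, not from the manual): the two ends should be distinct networks.
    if len(nets) == 2 and nets["local"].overlaps(nets["remote"]):
        problems.append("local and remote networks overlap")

    summary = {"pfs": pfs, **{name: str(net) for name, net in nets.items()}}
    return summary, problems


if __name__ == "__main__":
    # The example values used in this section of the manual.
    print(check_phase2(60, "3DES", "SHA", 1024,
                       "192.168.2.0 / 255.255.255.0", "192.168.1.0 / 255.255.255.0"))
```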
