Compatible Systems INTRAPORT 2+ User Manual

28

Chapter 6 - Basic Configuration Guide

6. Set an IKE Policy.

There are two phases to the IKE negotiation. During Phase 1 negotia-
tion, the IntraPort and Client must authenticate each other. The IKE
Policy dialog box controls this Phase 1 negotiation. Phase 2 negotiation
involves the setup of an individual tunnel connection and is controlled
by the VPN Group Configuration, documented in Step 7.

IKE Policy

To access this dialog box, select IKE Policy under Global in the Device
View.

These parameters specify a protection suite for the IKE negotiation
between the IntraPort server and client. There are three pieces to the IKE
protection suite.

1.

The first piece of each option is the authentication algorithm to be
used for the negotiation. MD5 is the message-digest 5 hash algo-
rithm. SHA is the Secure Hash Algorithm, which is considered to be
somewhat more secure than MD5.

2.

The second piece is the encryption algorithm. DES (Data Encryp-
tion Standard) uses a 56-bit key to scramble the data. 3DES uses
three different keys and three applications of the DES algorithm to
scramble the data.

3.

The third piece is the Diffie-Hellman group to be used for key
exchange. Because larger numbers are used by the Group 2 (G2)
algorithm, it is more secure than Group 1 (G1).

A. You can specify one or more protection suites by checking as

many of the boxes as you wish, or leave the default setting.

B. Click

OK.