Efficient Networks 5800 User Manual

Efficient Networks

®

5800 Series

User Reference Guide

Chapter 3: Additional Features

Efficient Networks

®

Page 3-21

Digest 5.

–

SHA1: Request AH encapsulation and authenticate using Secure

Hashing Algorithm 1.

3. ESP Authentication Scheme: Select which ESP message

authentication to propose:

–

NONE: Perform no message authentication.

–

MD5: Perform message authentication using Message Digest 5.

–

SHA1: Perform message authentication using Secure Hashing

Algorithm 1.

4. ESP Encryption Scheme: Select the encryption method (if any) to

propose:

–

DES: Use ESP encapsulation and 56-bit encryption.

–

3DES: Use ESP encapsulation and three 56-bit keys to produce

168-bit encryption.

–

NULL: ESP encapsulation, but no data encryption. ESP

encapsulation enables verification of the source, but data is sent in

the clear to increase throughput.

–

NONE: No ESP encapsulation and no encryption is used.

5. IP Compression Method: Select whether to propose LZS IP

compression, or none.

6. Phase II Proposal Lifetime: Enter the length of time to propose, as

measured in seconds, before the IPSec SA expires. The default setting

is 1800 seconds. Once this lifetime is elapsed, your router will

renegotiate the IKE connection.

7. Phase II Proposal Data: Enter the amount of data, as measured in

kilobytes, before the IPSec SA terminates. After the specified quantity

of data has been transferred, your router will renegotiate the IKE

connection. If you use zero, the data quantity will be unlimited. By

setting a limit on the amount of data transferred, you can reduce the

risk of a key becoming compromised.

8. Click on the Save IKE Settings button to save your IKE IPSec

proposal definition and return to the home screen.