Phase 1 advanced settings, 249 phase 1 advanced settings – Fortinet 100A User Manual

VPN

Phase 1 advanced settings

FortiGate-100A Administration Guide

01-28007-0068-20041203

249

Phase 1 advanced settings

Figure 122:Phase 1 advanced settings

P1 Proposal

Select the encryption and authentication algorithms that will be used to

generate keys for protecting negotiations.
Add or delete encryption and authentication algorithms as required. Select a

minimum of one and a maximum of three combinations. The remote peer

must be configured to use at least one of the proposals that you define.
You can select any of the following symmetric-key algorithms:
•

DES-Digital Encryption Standard, a 64-bit block algorithm that uses a 56-
bit key.

•

3DES-Triple-DES, in which plain text is encrypted three times by three
keys.

•

AES128-A 128-bit block algorithm that uses a 128-bit key.

•

AES192-A 128-bit block algorithm that uses a 192-bit key.

•

AES256-A 128-bit block algorithm that uses a 256-bit key.

You can select either of the following message digests to check the

authenticity of messages during phase 1 negotiations:
•

MD5-Message Digest 5, the hash algorithm developed by RSA Data
Security.

•

SHA1-Secure Hash Algorithm 1, which produces a 160-bit message
digest.

To specify a third combination, use the add button beside the fields for the

second combination.