Foundry ike and ipsec defaults, Oundry, Efaults – Foundry Networks AR3202-CL User Manual

Foundry AR-Series Router User Guide

15 - 62

© 2004 Foundry Networks, Inc.

June 2004

Foundry IKE and IPSec Defaults

To minimize configuration required by the user, default IKE and IPSec values have been implemented in
Foundry’s encryption scheme. Foundry supports a maximum of 100 IPSec tunnels.

IKE Defaults

Table 15.5: lists IKE defaults. When the user creates an IKE policy specifying an IKE peer, an IKE proposal with
priority 1 is automatically created. However, to make the IKE policy fully functional, the user must enter a pre-
shared key.

Table 15.3: Authentication Algorithms

Authentication Algorithms for AH/
ESP

Hash Size

HMAC-MD5-96

96 bits

HMAC-HSHA1-96

96 bits

Table 15.4: Diffie-Hellman Groups

Diffie-Hellman Groups for
Authentication

Key Size

Group 1

768 bits

Group 2

1024 bits

Group 5

1536 bits

Table 15.5: IKE Default Values

Parameter Name

Foundry Default
Value:
Site to Site

Foundry Default
Value:
Remote Access

Mode

Main mode

Aggressive mode

Perfect forward secrecy

Disabled

Disabled

Hash algorithm

SHA1

SHA1

Encryption algorithm

DES

DES

Authentication method

PreShared

PreShared

DH Group

Group 1

Group 1

Lifetime

86400 seconds

86400 seconds

Response type

Initiator and responder

Responder only