Motorola SURFboard SVG1501E User Manual

B

10 • VPN Pages

62

Field

Description

Phase 1 DH group

Select one of the Diffie-Hellman groups: 768 bits, 1024 bits, or
1536 bits.

Diffie-Hellman is a cryptographic technique that uses public
and private keys for encryption and decryption. The higher the
number of bits, the more secure the encryption. Options:
Group 1 (768 bits), Group 2 (1024 bits), or Group 5 (1536 bits).

Phase 1 encryption

Secure the VPN connection between endpoints: DES, 3DES,
AES-128, AES-192, or AES-256.

Select any encryption but make the far endpoints match.
Common encryption settings are 3DES and AES.

Phase 1 authentication

Set Authentication, another level of security, to SHA or MD5

Motorola recommends SHA because it is more secure but you
can use either authentication provided the other end of the
VPN tunnel uses the same method.

Phase 1 SA lifetime

Specify the lifetime of individual rotating keys.

Enter the number of seconds for the key to last until a re-key
negotiation between each endpoint is negotiated. The default
setting is 28,800 seconds.

A smaller lifetime is generally more secure, since it would give
an attacker a smaller amount of time to try to crack the key,
however key negotiation takes up bandwidth, so network
throughput is sacrificed with small lifetimes. Entries are
typically in the thousands or tens of thousands of seconds.