Avaya 3.7 User Manual

Page 143

Using the VPN tabs

Issue 4 May 2005

Lifetime

Payload key lifetime defines the extent to which a single set of
cryptographic keys is used when applying VPN services to IP
packets. Lifetimes are either time based or based on throughput.
Time-based lifetimes are based on the amount of time that the
keys are used without a key change. Throughput lifetimes are
defined by the amount of data that is acted on by a set of keys.
The more often a key is changed, the less traffic any single key
protects, and the “more secure” the system. However, frequent key
changes can affect system performance.

Enter a numerical value and select a unit of measure for both
time-based and throughput lifetimes. Whichever limit is reached
first triggers the new key.

Note:

For time-based lifetime, the following are the
minimum values in each category: Day = 1,
Minutes = 1, and Seconds = 60.

Diffie-Hellman Group

Diffie-Hellman groups define the cryptographic key strengths
used during IKE negotiations. The level of security increases as
the DH group number increases. Using a higher level DH group
results in longer key exchange times.

Group 1
Key strength: 768 bit
Platform support: SG5, SG5X, SG200, SG203, and SG208

Group 2
Key strength: 1024 bit
Platform support: SG5, SG5X, SG200, SG203, and SG208

Group 5
Key strength: 1536 bit
Platform support: SG5, SG5X, SG200, SG203, and SG208

Group 14
Key strength: 2048 bit
Platform support: SG203 and SG208

See RFC 2409 for more information on Diffie-Hellman Groups.
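
The Lifetime and Diffie-Hellman Group settings above can be checked together before a policy is deployed. The following is an added example, not code from the manual or from Avaya: it audits a policy against the platform table and the minimum lifetimes given above, and works out which lifetime triggers the new key first. The function name, the kilobyte unit for throughput, the traffic rate parameter, and the 2048-bit floor are assumptions.

```python
ALL = {"SG5", "SG5X", "SG200", "SG203", "SG208"}
# DH group -> (key strength in bits, supported platforms), from the table above.
DH_GROUPS = {1: (768, ALL), 2: (1024, ALL), 5: (1536, ALL),
             14: (2048, {"SG203", "SG208"})}
# Minimum time-based lifetime per unit, from the manual's note.
MIN_TIME = {"days": 1, "minutes": 1, "seconds": 60}
UNIT_SECONDS = {"days": 86400, "minutes": 60, "seconds": 1}
# Assumption (not from the manual): treat key strengths under 2048 bits as weak.
MIN_MODULUS_BITS = 2048


def audit_policy(platform, dh_group, time_value, time_unit, limit_kb, rate_kb_s):
    """Return (findings, first_trigger, seconds_until_rekey) for one policy.

    limit_kb and rate_kb_s are hypothetical parameters: the throughput
    lifetime in kilobytes and the expected average tunnel load in KB/s.
    """
    findings = []
    if dh_group not in DH_GROUPS:
        findings.append(f"DH group {dh_group} is not offered")
    else:
        bits, platforms = DH_GROUPS[dh_group]
        if platform not in platforms:
            findings.append(f"DH group {dh_group} is not supported on {platform}")
        if bits < MIN_MODULUS_BITS:
            findings.append(f"DH group {dh_group} ({bits} bit) is below {MIN_MODULUS_BITS} bit")
    if time_unit not in MIN_TIME:
        raise ValueError(f"unknown time unit: {time_unit}")
    if time_value < MIN_TIME[time_unit]:
        findings.append(f"time lifetime below minimum of {MIN_TIME[time_unit]} {time_unit}")
    # Whichever limit is reached first triggers the new key.
    time_s = time_value * UNIT_SECONDS[time_unit]
    data_s = limit_kb / rate_kb_s
    trigger = "time" if time_s <= data_s else "throughput"
    return findings, trigger, min(time_s, data_s)


if __name__ == "__main__":
    # Constructed sample policies, not taken from the manual.
    for policy in [("SG5", 14, 8, "minutes", 500_000, 2_000),
                   ("SG208", 14, 1, "days", 4_000_000, 10),
                   ("SG200", 2, 30, "seconds", 100_000, 50)]:
        print(policy, "->", audit_policy(*policy))
```

On a busy tunnel the throughput lifetime is usually reached long before the time-based one, so both values need to be sized against expected load.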
