Digi X2 User Manual

VPN tunnel proposal configuration for ISAKMP tunnels

The Proposal Configuration settings configure a set of security policies for ISAKMP tunnels. The settings define the set of encryption and authentication algorithms for incoming and outgoing traffic over the VPN tunnel. Proposals let you define multiple types of communications. A security policy can have multiple proposals. For example, a security policy can have two proposals: one that lets older VPN devices connect using less-secure methods, and a second (or more) that lets newer, more powerful endpoints use more secure methods. For two devices to communicate with each other, they must have a matching proposal.

VPN tunnel proposal configuration settings include:

Encryption: The encryption algorithm used for encrypting data:

  DES: Uses 64-bit keys.
  3-DES: Uses 192-bit keys.
  AES: Uses 128-bit, 192-bit, or 256-bit keys, depending on the negotiated security settings.

Authentication: The authentication algorithm used for authenticating clients:

  MD5: Uses 128-bit keys.
  SHA1: Uses 160-bit keys.

SA Lifetime: The Security Association (SA) lifetime determines how long, in seconds, an SA policy is active. The SA lifetime begins after the SA has been negotiated. Once the lifetime has expired, a new set of SA policies is negotiated with the remote VPN endpoint.
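
The matching rule described above, sketched as an added example that is not taken from the Digi manual or firmware: it checks which proposal two endpoints would agree on and whether that agreement falls back to a less-secure one. The names `Proposal`, `select_proposal` and `audit` are hypothetical, and the example assumes that a match compares encryption algorithm, key length and authentication algorithm (not SA lifetime), that the first offered proposal found in the local policy is chosen, and that DES and MD5 are the less-secure choices; the sample policies are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Assumption of this example: these count as the "less-secure methods".
LEGACY_ENCRYPTION = {"DES"}
LEGACY_AUTHENTICATION = {"MD5"}


@dataclass(frozen=True)
class Proposal:
    encryption: str           # "DES", "3-DES" or "AES"
    authentication: str       # "MD5" or "SHA1"
    key_bits: int = 0         # only set for AES (128, 192 or 256)
    sa_lifetime: int = 28800  # seconds; constructed value

    def algorithms(self):
        # Assumption: SA lifetime is not part of the match.
        return (self.encryption, self.key_bits, self.authentication)

    def is_legacy(self) -> bool:
        return (self.encryption in LEGACY_ENCRYPTION
                or self.authentication in LEGACY_AUTHENTICATION)


def select_proposal(offered: List[Proposal],
                    local: List[Proposal]) -> Optional[Proposal]:
    """Return the first offered proposal that the local policy also lists."""
    accepted = {p.algorithms() for p in local}
    return next((p for p in offered if p.algorithms() in accepted), None)


def audit(offered: List[Proposal], local: List[Proposal]) -> str:
    """Classify the outcome of matching a peer's offer against a policy."""
    chosen = select_proposal(offered, local)
    if chosen is None:
        return "no-match"  # the two devices cannot communicate
    return "legacy-match" if chosen.is_legacy() else "strong-match"


# Constructed sample policies: one gateway policy with two proposals.
GATEWAY = [Proposal("AES", "SHA1", 256), Proposal("DES", "MD5")]
PEERS = {
    "new-endpoint": [Proposal("AES", "SHA1", 256)],
    "old-endpoint": [Proposal("DES", "MD5")],
    "weak-first": [Proposal("DES", "MD5"), Proposal("AES", "SHA1", 256)],
    "aes128-only": [Proposal("AES", "SHA1", 128)],
}

if __name__ == "__main__":
    for name, offer in PEERS.items():
        print(f"{name}: {audit(offer, GATEWAY)}")
```

A "legacy-match" result marks a tunnel that only comes up because the policy still carries the less-secure proposal, which is the set of peers to review before removing it.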
