Phase 2 proposal – D-Link DFL-600 User Manual

Page 85


Mode

You can select between Main and Aggressive modes for the Phase 1 negotiation to establish a VPN IPSec tunnel. In the Main mode, all communication between the two endpoints of an IPSec VPN tunnel is encrypted. In Aggressive mode, there is no encryption in the Phase 1 negotiation.

DH Group

The DH algorithm allows the DFL-600 to generate secret keys for encryption for the Phase 1 negotiation. Group 1 generates a 768-bit key and Group 2 generates a 1024-bit key. The same DH Group must be used on both ends of an IPSec VPN tunnel.

IKE Life Duration

This is the duration (in seconds) the phase 1 key after the tunnel is established. When this duration has passed, the two peers will trigger a restart of the phase 1 negotiation to set up a new phase 1 key. Phase 2 negotiation will also be triggered to build a new tunnel.

IKE Hash

This drop-down menu allows you to select the algorithm that will be used to ensure that the messages exchanged between the two IPSec VPN tunnel endpoints have been received exactly as they were sent. In other words, a Hash algorithm is used to generate a binary number by a mathematical operation using the entire message. The resulting number is called a message digest. The very same mathematical operation is performed when the message is received, and if there has been any change in the message in transit, the resulting message digest number will be different and the message will be rejected. You can choose between MD5 − a 128-bit message digest, and SHA − which generates a 160-bit message digest. You must have exactly the same IKE Hash algorithm on both ends of a VPN tunnel.
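
The digest check described under IKE Hash, as an added Python example that is not part of the manual or of the DFL-600 firmware. It uses the keyed form of each hash (HMAC) because a bare digest could be recomputed by whoever altered the message; the key, the message and the function names are constructed for illustration, and the menu name "SHA" is taken to mean SHA-1, which has the 160-bit digest the manual states.

```python
import hashlib
import hmac

# Menu choices from the manual mapped to hashlib names (assumption: "SHA" = SHA-1).
IKE_HASHES = {"MD5": "md5", "SHA": "sha1"}

def digest_bits(ike_hash):
    """Length in bits of the message digest for a menu choice."""
    return hashlib.new(IKE_HASHES[ike_hash]).digest_size * 8

def protect(key, message, ike_hash):
    """Sending endpoint: compute the keyed digest that travels with the message."""
    return hmac.new(key, message, IKE_HASHES[ike_hash]).digest()

def accept(key, message, received_digest, ike_hash):
    """Receiving endpoint: repeat the same operation and compare in constant time."""
    expected = hmac.new(key, message, IKE_HASHES[ike_hash]).digest()
    return hmac.compare_digest(expected, received_digest)

# Constructed sample values, not taken from a real negotiation.
SHARED_KEY = b"constructed-phase1-secret"
MESSAGE = b"constructed IKE payload: tunnel to 192.0.2.10"

def demo():
    """Run the check for both menu choices and for mismatched settings."""
    results = {}
    for name in IKE_HASHES:
        tag = protect(SHARED_KEY, MESSAGE, name)
        altered = MESSAGE.replace(b".10", b".11")  # one byte changed in transit
        results[name] = {
            "bits": digest_bits(name),
            "intact": accept(SHARED_KEY, MESSAGE, tag, name),
            "altered": accept(SHARED_KEY, altered, tag, name),
        }
    # One end set to MD5 and the other to SHA: the digests can never match.
    tag = protect(SHARED_KEY, MESSAGE, "MD5")
    results["mismatch"] = accept(SHARED_KEY, MESSAGE, tag, "SHA")
    return results

if __name__ == "__main__":
    for setting, outcome in demo().items():
        print(setting, outcome)
```

The mismatch case shows why the setting must be identical on both ends: an unmodified message is still rejected when the endpoints compute different digests.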
IKE Encryption

This drop-down menu allows you to select the
