About dh groups, About the p1 proposal – D-Link DFL-500 User Manual

Page 56


Aggressive mode with no user group

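| Field | Server | Clients |
|---|---|---|
| User Group | None | N/A |
| Mode | Aggressive | Aggressive |
| Authentication Key | The server and the clients must have the same authentication key. | The server and the clients must have the same authentication key. |
| Local ID | empty | empty |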

Aggressive mode with a user group selected

In this configuration, the server and the clients use aggressive mode for key exchange. A user group is
selected in the server dialup remote gateway. The format of the authentication key depends on the
information in the Local ID field.

Aggressive mode with a user group selected

| Field | Server | Client configuration 1 | Client configuration 2 | Client configuration 3 |
|---|---|---|---|---|
| User Group | Select a user group | N/A | N/A | N/A |
| Mode | Aggressive | Aggressive | Aggressive | Aggressive |
| Authentication Key | Server authentication key | Server authentication key | Server authentication key | Client's password. This password must be added to the server user database. |
| Local ID | empty | Client IP address | Client domain name | Other information in a different format. |

About DH groups

The Diffie-Hellman (DH) algorithm lets both ends of the VPN tunnel create the same shared secret key
without communicating the key across the Internet.

You can select from DH group 1, 2, and 5. DH group 5 produces the most secure shared secret key and DH
group 1 produces the least secure key. However, DH group 1 is faster than DH group 5.

About the P1 proposal

AutoIKE key IPSec VPNs use a two-phase process for creating a VPN tunnel. During the first phase (P1), the
VPN gateways at each end of the tunnel negotiate to select a common algorithm for encryption and another
one for authentication. When you configure the remote gateway P1 proposal, you are selecting the algorithms
that the DFL-500 NPG proposes during phase 1 negotiation. You can select up to three different encryption
and authentication algorithm combinations. Selecting more combinations might make P1 negotiation easier,
but you can restrict the choice to one if required. For negotiation to succeed, both ends of
the VPN tunnel must have at least one encryption algorithm and one authentication algorithm in common.

• Select DES to propose to encrypt packets using DES encryption.
• Select 3DES to propose to encrypt packets using triple-DES encryption.
• Select MD5 to propose to use MD5 authentication.
• Select SHA1 to propose to use SHA1 authentication.
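
The matching rule above, as an added Python model that is not from the manual or the DFL-500 firmware: it shows which combination two gateways end up with and whether a stronger common one was available. It assumes a match is a whole encryption/authentication pair and that the responder follows the initiator's order; the function names and sample proposal lists are constructed for illustration.

```python
# Added illustration, not DFL-500 code: models which P1 combination two gateways agree on.
# Relative strength of the algorithms this page lists (higher is stronger).
ENC_RANK = {"DES": 1, "3DES": 2}
AUTH_RANK = {"MD5": 1, "SHA1": 2}
MAX_COMBINATIONS = 3  # the manual allows up to three combinations per gateway


def validate(proposal):
    """Reject a proposal list that the P1 dialog could not express."""
    if not 1 <= len(proposal) <= MAX_COMBINATIONS:
        raise ValueError("a P1 proposal holds one to three combinations")
    for enc, auth in proposal:
        if enc not in ENC_RANK or auth not in AUTH_RANK:
            raise ValueError(f"unknown algorithm in {enc}-{auth}")


def negotiate(initiator, responder):
    """Return the first initiator combination the responder also offers, else None.

    Assumption: a match is a whole encryption/authentication pair, and the
    responder follows the initiator's preference order.
    """
    validate(initiator)
    validate(responder)
    return next((c for c in initiator if c in responder), None)


def dominates(a, b):
    """True if a differs from b and is at least as strong in both algorithms."""
    return (a != b and ENC_RANK[a[0]] >= ENC_RANK[b[0]]
            and AUTH_RANK[a[1]] >= AUTH_RANK[b[1]])


def audit(initiator, responder):
    """Return (chosen, stronger): the agreed pair and common pairs that beat it."""
    chosen = negotiate(initiator, responder)
    if chosen is None:
        return None, []
    common = [c for c in initiator if c in responder]
    return chosen, [c for c in common if dominates(c, chosen)]


# Constructed sample configurations (not taken from the manual).
SERVER = [("3DES", "SHA1"), ("3DES", "MD5"), ("DES", "MD5")]
LEGACY_CLIENT = [("DES", "MD5"), ("3DES", "SHA1")]
STRICT_CLIENT = [("3DES", "SHA1")]

if __name__ == "__main__":
    for name, client in (("legacy", LEGACY_CLIENT), ("strict", STRICT_CLIENT)):
        print(name, audit(client, SERVER))
```

With the constructed lists, the legacy client settles on DES with MD5 even though both ends also offer 3DES with SHA1, which is the case for restricting the proposal to a single combination.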
