Cisco SRP521W-K9-G1 Administration Guide - Page 184

Configuring VPN IKE Policy 7 STEP 5 Set the IKE SA parameters as needed as defined in the IKE Policy Settings table. STEP 6 If connected to a XAUTH server, enter a username and password. When enabled, the SRP can authenticate users from an external authentication server such as a RADIUS server. STEP 7 Click Submit to save your settings. IKE Policy Settings Field Description General Policy Name Enter a unique name for the VPN policy. Exchange Mode Choose the exchange mode based on your requirements for security and speed. • Main: Choose this mode if you want higher security, but with a slower connection. Main Mode relies upon two-way key exchanges between the initiator and the receiver. The key-exchange process slows down the connection but increases security. • Aggressive: Choose this mode if you want a faster connection, but with lowered security. In Aggressive Mode there are fewer key exchanges between the initiator and the receiver. Both sides exchange information even before there is a secure channel. IKE SA Parameters Encryption Algorithm Choose an encryption mode. Select from DES, 3DES, AES128, AES192, and AES256. Authentication Algorithm Choose an authentication algorithm for the IKA SA. Select from MD5 and SHA1. Pre Shared Key Enter an alpha-numeric key to be shared with the IKE peer. Diffie-Hellman (DH) Group Choose a DH group to set the strength of the algorithm in bits. Select from Group 1 (768 bits) and Group 2 (1024bits). Cisco SRP500 Series Services Ready Platforms Administration Guide (SRP520 Models) 184