Cisco WRV210 Administration Guide - Page 71

ISAKMP DH Group, ISAKMP Authentication Method - remote management

Page 71 highlights

Configuring a Virtual Private Network (VPN)
VPN > IPSec VPN

STEP 6 In the Key Management section, enter the following information to configure the security for the IPSec VPN tunnel.

• Key Exchange Method: IKE (Internet Key Exchange) is the protocol used to negotiate key material for the Security Association (SA). IKE uses the Preshared Key to authenticate the remote IKE peer. Auto (IKE) automatically negotiates the correct protocol.
• Operation Mode: Use this option to set the operation mode to Main (default) or Aggressive. Main Mode operation is supported in ISAKMP SA establishment.
• ISAKMP Encryption Method: There are four different types of encryption: 3DES, AES-128, AES-192, or AES-256. You may choose any of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel.
• ISAKMP Authentication Method: There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication.
• ISAKMP DH Group: This field specifies the Diffie-Hellman key negotiation. Seven groups are available for ISAKMP SA establishment. Groups 1024, 1536, 2048, 3072, 4096, 6144, and 8192 represent the number of bits used in the Diffie-Hellman exchange. The default value is 1024.
• ISAKMP Key Lifetime(s): Specify how long an ISAKMP key channel should be kept before being renegotiated. The default is 28800 seconds, which is 8 hours.
• PFS: PFS (Perfect Forward Secrecy) ensures that the initial key exchange and IKE proposals are secure. Click Enabled to use PFS, or click Disabled to disable this feature.
• IPSec Encryption Method: Using encryption also helps make your connection more secure. There are four different types of encryption: 3DES, AES-128, AES-192, AES-256, or Auto. You may choose any of these, but you must choose the same type of encryption that is being used by the VPN device at the other end of the tunnel. Auto automatically negotiates the encryption method with the remote gateway.
• IPSec Authentication Method: Authentication acts as another level of security. There are two types of authentication: MD5 and SHA. SHA is recommended because it is more secure. The VPN device at the other end of the tunnel must be configured to use the same type of authentication. Alternatively, both ends of the tunnel may choose to disable authentication.
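Because the tunnel only comes up when both ends agree, it helps to compare the two peers' Key Management settings before deployment. The following is an added example, not taken from the Cisco guide: the dict keys, both sample peers, and the function names are constructed for illustration. Treating Operation Mode, DH Group and PFS as must-match fields, and flagging 1024-bit DH and Aggressive Mode as weak, are assumptions drawn from general IKE practice rather than from this page.

```python
# Added example: keys mirror the Key Management labels on this page; the dict
# layout and both sample peers are constructed for illustration.
MATCH_FIELDS = (
    "operation_mode", "isakmp_encryption", "isakmp_authentication",
    "isakmp_dh_group", "pfs", "ipsec_encryption", "ipsec_authentication",
)

LOCAL = {   # constructed: this router, DH group left at the guide's default
    "operation_mode": "Main", "isakmp_encryption": "AES-128",
    "isakmp_authentication": "SHA", "isakmp_dh_group": 1024,
    "pfs": "Enabled", "ipsec_encryption": "Auto",
    "ipsec_authentication": "SHA",
}
REMOTE = {  # constructed: the VPN device at the other end of the tunnel
    "operation_mode": "Main", "isakmp_encryption": "AES-128",
    "isakmp_authentication": "MD5", "isakmp_dh_group": 2048,
    "pfs": "Enabled", "ipsec_encryption": "AES-256",
    "ipsec_authentication": "SHA",
}

def mismatches(local, remote):
    """Return (field, local_value, remote_value) for settings that differ."""
    found = []
    for field in MATCH_FIELDS:
        a, b = local.get(field), remote.get(field)
        # Auto negotiates the IPSec encryption method with the remote gateway.
        if field == "ipsec_encryption" and "Auto" in (a, b):
            continue
        if a != b:
            found.append((field, a, b))
    return found

def weak_settings(cfg):
    """Return the fields whose value is a weaker choice than necessary."""
    weak = []
    for field in ("isakmp_authentication", "ipsec_authentication"):
        if cfg.get(field) == "MD5":      # the guide recommends SHA over MD5
            weak.append(field)
    if cfg.get("isakmp_dh_group", 1024) <= 1024:   # 1024 is the default
        weak.append("isakmp_dh_group")   # 1024-bit DH is considered too small
    if cfg.get("operation_mode") == "Aggressive":
        weak.append("operation_mode")    # Aggressive Mode exposes identities
    return weak

if __name__ == "__main__":
    for field, a, b in mismatches(LOCAL, REMOTE):
        print(f"MISMATCH {field}: local={a} remote={b}")
    for name, cfg in (("local", LOCAL), ("remote", REMOTE)):
        print(f"WEAK on {name}: {weak_settings(cfg)}")
```

With the sample peers, the check reports the authentication and DH group disagreements and shows that the local router is still on the default 1024-bit group.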

