Cisco WRV210 Administration Guide - Page 71
ISAKMP DH Group, ISAKMP Authentication Method - remote management
View all Cisco WRV210 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 71 highlights
Configuring a Virtual Private Network (VPN) VPN > IPSec VPN 5 STEP 6 In the Key Management section, enter the following information to configure the security for the IPSec VPN tunnel. • Key Exchange Method: IKE is an Internet Key Exchange protocol used to negotiate key material for Security Association (SA). IKE uses the Preshared Key to authenticate the remote IDE peer. Auto (IKE) automatically negotiates the correct protocol. • Operation Mode: Use this option to set the operation mode to Main (default) or Aggressive. Main Mode operation is supported in ISAKMP SA establishment. • ISAKMP Encryption Method: There are four different types of encryption: 3DES, AES-128, AES-192, or ES-256. You may choose any of these, but it must be the same type of encryption that is being used by the VPN device at the other end of the tunnel. • ISAKMP Authentication Method: There are two types of authentication: MD5 and SHA (SHA is recommended because it is more secure). As with encryption, either of these may be selected, provided that the VPN device at the other end of the tunnel is using the same type of authentication. • ISAKMP DH Group: This field specifies the Diffie-Hellman key negotiation. Seven groups are available for ISAKMP SA establishment. Group 1024, 1536, 2048, 3072, 4096, 6144, and 8192 represent different bits used in Diffie-Hellman mode operation. The default value is 1024. • ISAKMP Key Lifetime(s): Specify how long an ISAKMP key channel should be kept, before being renegotiated. The default is 28800 seconds, which is 8 hours. • PFS: PFS (Perfect Forward Secrecy) ensures that the initial key exchange and IKE proposals are secure. Click Enabled to use PFS, or click Disabled to disable this feature. • IPSec Encryption Method: Using encryption also helps make your connection more secure. There are four different types of encryption: 3DES, AES-128, AES-192, AES-256 or Auto. You may choose any of these, but you must choose the same type of encryption that is being used by the VPN device at the other end of the tunnel. Auto automatically negotiates the encryption method with the remote gateway. • IPSec Authentication Method: Authentication acts as another level of security. There are two types of authentication: MD5 and SHA. SHA is recommended because it is more secure. The VPN device at the other end of the tunnel must be configured to use the same type of authentication. Or, both ends of the tunnel may choose to disable authentication. Cisco Small Business WRV210 Administration Guide 71