D-Link DFL-260 Product Manual - Page 396
Diffie-Hellman Groups, PFS DH Group, IPsec Encryption, IPsec Authentication, IPsec Lifetime
UPC - 790069296802
9.3.2. Internet Key Exchange (IKE)
Chapter 9. VPN

phase-1 SA every time a phase-2 negotiation has been finished, making sure no more than one phase-2 negotiation is encrypted using the same key. PFS is generally not needed, since it is very unlikely that any encryption or authentication keys will be compromised.

PFS DH Group
This specifies the Diffie-Hellman group to use with PFS. The available DH groups are discussed below.

IPsec DH Group
This specifies the Diffie-Hellman group to use for IPsec communication. The available DH groups are discussed below in the section titled Diffie-Hellman Groups.

IPsec Encryption
The encryption algorithm that will be used on the protected IPsec traffic. This is not needed when AH is used, or when ESP is used without encryption. The algorithms supported by NetDefend Firewall VPNs are:
• AES
• Blowfish
• Twofish
• Cast128
• 3DES
• DES

IPsec Authentication
This specifies the authentication algorithm used on the protected traffic. This is not used when ESP is used without authentication, although it is not recommended to use ESP without authentication. The algorithms supported by NetDefend Firewall VPNs are:
• SHA1
• MD5

IPsec Lifetime
This is the lifetime of the VPN connection. It is specified in both time (seconds) and data amount (kilobytes). Whenever either of these values is exceeded, a re-key will be initiated, providing new IPsec encryption and authentication session keys. If the VPN connection has not been used during the last re-key period, the connection will be terminated, and re-opened from scratch when the connection is needed again. This value must be set lower than the IKE lifetime.

Diffie-Hellman Groups
Diffie-Hellman (DH) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to establish a shared secret key over an insecure communications channel
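The re-key behaviour in the IPsec Lifetime entry above, modelled as an added example (not code from the manual or from D-Link). The class and function names, the sample lifetimes and the traffic intervals are constructed for illustration, and "exceeded" is taken to mean strictly greater than.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class IPsecProposal:
    encryption: Optional[str]      # None models AH, or ESP without encryption
    authentication: Optional[str]  # None models ESP without authentication
    lifetime_seconds: int
    lifetime_kilobytes: int

def validate(p, ike_lifetime_seconds):
    """Check the two constraints the manual text states for these settings."""
    findings = []
    if p.lifetime_seconds >= ike_lifetime_seconds:
        findings.append("IPsec lifetime must be set lower than the IKE lifetime")
    if p.encryption is not None and p.authentication is None:
        findings.append("ESP without authentication is not recommended")
    return findings

def sa_action(p, age_seconds, kilobytes_used):
    """Decide what happens to the current SA: keep, rekey or terminate."""
    if kilobytes_used > p.lifetime_kilobytes:
        return "rekey"                      # data limit exceeded
    if age_seconds > p.lifetime_seconds:    # time limit exceeded
        return "terminate" if kilobytes_used == 0 else "rekey"
    return "keep"

def timeline(p, intervals):
    """Replay (seconds, kilobytes) intervals and return (time, event) pairs."""
    events, now, age, used, up = [], 0, 0, 0, True
    for seconds, kilobytes in intervals:
        now += seconds
        if not up:
            if kilobytes == 0:
                continue                    # still idle, nothing to protect
            up, age, used = True, 0, 0      # re-opened from scratch on demand
            events.append((now, "reopen"))
        age, used = age + seconds, used + kilobytes
        action = sa_action(p, age, used)
        if action != "keep":
            events.append((now, action))
            up, age, used = action == "rekey", 0, 0
    return events

# Constructed sample values, not taken from the manual.
proposal = IPsecProposal("AES", "SHA1", lifetime_seconds=3600, lifetime_kilobytes=1000)
traffic = [(2000, 400), (2000, 400), (600, 1200), (3700, 0), (100, 0), (50, 10)]
if __name__ == "__main__":
    print(validate(proposal, ike_lifetime_seconds=28800))
    print(timeline(proposal, traffic))
```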