Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 130

Table 58 Security > User Roles > Add VPN Dialer Field Descriptions (Continued) Field Default Description IKE Lifetime (300-85400 secs) 28800 Specify the Internet Key Exchange (IKE) Lifetime in seconds. When this period of time expires, the IKE SA is replaced by a new SA or is terminated. The IKE SA specifies values for the IKE exchange: the authentication method used, the encryption and hash algorithms, the Diffie-Hellman group used, the lifetime of the IKE SA in seconds, and the shared secret key values for the encryption algorithms. The IKE SA in each peer is bi-directional. IKE Encryption 168-bit 3DESCBC Select the Internet Key Exchange (IKE) encryption method from the following two options:  168-bit 3DES-CBC  56-bit DES-CBC IKE Diffie-Hellman Group 1024-bit (1) Select the IPSEC Mode Group that matches the Diffie Hellman Group configured for the IPSEC policy. The two options are as follows:  1024-bit  768-bit The IKE policy selections, along with the preshared key, need to be reflected in the VPN configuration. Set the VPN configuration on clients to match the choices made above. In case the Dell PowerConnect W dialer is used, these configuration need to be made on the dialer prior to downloading the dialer onto the local client. IKE Hash Algorithm SHA Set the IKE Hash Algorithm to either SHA or MD5, to match the IKE policy for IPSEC. IKE Authentication Pre-Shared IKE Phase 1 authentication can be done with either an IKE preshared key or digital certificates. This establishes how the client is authenticated with the internal database on the controller. The options are Pre-Shared Keys or RSA Signatures. IPSEC Lifetime 7200 Define the IPSEC lifetime in seconds, after which a new IPSEC key is required. IPSEC Diffie Hellman 1024-bit (1) Group Select the IPSEC Mode Group that matches the Diffie Hellman Group configured for the IKE policy. The two options are as follows:  1024-bit  768-bit The IPSEC policy selections, along with the preshared key, need to be reflected in the VPN configuration. Set the VPN configuration on clients to match the choices made above. In case the Dell PowerConnect W dialer is used, these configuration need to be made on the dialer prior to downloading the dialer onto the local client. IPSEC Encryption 168-bit 3DES Specify the type of IPSEC encryption to support for the VPN. Options are as follows:  Encapsulating Security Payload (ESP) with 168-bit 3DES  ESP with 56-bit DES IPSEC Hash Algorithm SHA Set the IKE Hash Algorithm to either SHA or MD5, to match the IKE policy for IKE Hash Algorithm. Select Add to finish the new VPN Dialers profile, or click Save to complete the editing of an existing profile. You return to the VPN Dialers page. The new profile appears below the Add New VPN Dialer button. 130 | Dell PowerConnect W Configuration Reference Dell PowerConnect W AirWave 7.2 | Configuration Guide