Lantronix SLC 8000 Advanced Console Manager User Guide - Page 107
ESP Encryption, AES192, AES256, ESP Authentication, SHA2_256, SHA2_384, SHA2_512, ESP DH Group
6: Basic Parameters

ESP Encryption
The type of encryption, 3DES, AES, AES192 or AES256, used for encrypting the data sent through the tunnel. Any can be selected if the two sides can negotiate which type of encryption to use.

Note: If ESP Encryption, Authentication and DH Group are set to Any, default cipher suite(s) will be used. If the console manager acts as an initiator, the tunnel will use a default ESP cipher of aes128-sha256 (for IKEv1). For IKEv2 or when the console manager is the responder in tunnel initiation, it will propose a set of cipher suites and will accept the first supported proposal received from the peer.

The proposal sent from the remote peer and the proposal used by the console manager can be viewed in the VPN logs. If there is no match between the two sets of proposals, the tunnel will fail with the message no matching proposal found, sending NO_PROPOSAL_CHOSEN. If a matching proposal is found, tunnel negotiation will proceed. Below is an example of no matching proposal in the log messages:

charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SE
charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN

ESP Authentication
The type of authentication, SHA2_256, SHA2_384, SHA2_512, SHA2_256_96, SHA1, or MD5, used for authenticating data sent through the tunnel. Any can be selected if the two sides can negotiate which type of authentication to use.

ESP DH Group
The Diffie-Hellman Group, 2 (modp1024), 5 (modp1536), 14 (modp2048), 15 (modp3072), 16 (modp4096), 17 (modp6144), 18 (modp8192) or 19 (ecp256) can be used for the key exchange for data sent through the tunnel. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.

Note: PFS is automatically enabled by configuring ESP Encryption to use a DH Group (ESP Encryption without a DH Group will disable PFS); see Perfect Forward Secrecy below.
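The "no matching proposal" log excerpt above can be compared category by category to find which setting to change. The following is an added example, not part of the Lantronix guide: the function names and the prefix-based classification of transform names are assumptions of this example, and the sample lines are the ones shown on this page.

```python
import re

# Log lines from this page (the second line is cut off at "NO_EXT_SE" in the source).
SAMPLE_LOG = """\
charon: 04[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
charon: 04[CFG] configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SE
charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
"""
LINE_RE = re.compile(r"\[CFG\] (received|configured) proposals: (.+)$")
CATEGORIES = ("encryption", "integrity", "dh_group")

def classify(token):
    """Map a transform name to its category (prefix heuristic, an assumption)."""
    if token.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integrity"
    if token.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh_group"
    if "EXT_SE" in token:
        return None  # sequence-number flag: skipped, the page's sample is cut off here
    return "encryption"

def parse_proposals(log_text):
    """Return {"received": [...], "configured": [...]}, one dict per proposal."""
    out = {"received": [], "configured": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for prop in m.group(2).split(","):  # several proposals are comma separated
            cats = {c: set() for c in CATEGORIES}
            for tok in prop.strip().partition(":")[2].split("/"):
                cat = classify(tok.strip()) if tok.strip() else None
                if cat:
                    cats[cat].add(tok.strip())
            out[m.group(1)].append(cats)
    return out

def mismatched_categories(received, configured):
    """Categories with no shared transform, or present on one side only."""
    return [c for c in CATEGORIES
            if (received[c] or configured[c]) and not (received[c] & configured[c])]

def diagnose(log_text):
    """One list of mismatched categories per (received, configured) pair."""
    p = parse_proposals(log_text)
    return [mismatched_categories(r, c)
            for r in p["received"] for c in p["configured"]]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the excerpt on this page the only mismatched category is the DH group: the peer proposes ECP_256 while the configured proposal lists no DH group, which ties back to the PFS note above.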