Specifications
VPN and the IPsec Protocol
110 AVM Access Server – 6 AVM Access Server for Experts
IDs are used in Phase 2 as well. For remote users, the AVM Access
Server’s identity is always the address of the uppermost access rule.
For remote networks, the identities can be configured as desired.
When the Phase 2 identity is set to “Automatic”, it is derived from the
uppermost access rule.
Security policies are proposed SAs. The security policies are named
according to the structure described below.
Phase 1: Diffie-Hellman Group / Encryption Methods / Hash Algorithm

These three parameters can take the following values:

Diffie-Hellman Group:
  def   Diffie-Hellman Group 1 (default)
  alt   Diffie-Hellman Group 2 (alternate)

Encryption methods:
  aes   Advanced Encryption Standard (128 - 256 bit key length)
  3des  Triple Digital Encryption Standard (Triple-DES; 168 bit key length)
  des   Digital Encryption Standard (56 bit key length)
  all   The 3DES and DES encryption methods are proposed to the remote system in that order

Hash algorithm:
  sha   Secure Hash Algorithm 1 (SHA-1)
  md5   Message Digest 5 (MD5)
  all   The SHA-1 and MD5 hash algorithms are proposed to the remote system in that order

Phase 2: ESP Encryption Algorithm-hash Algorithm / AH Hash Algorithm / Compression / Perfect Forward Secrecy

Encryption algorithms:
  aes   Advanced Encryption Standard (128 - 256 bit key length)
  3des  Triple Digital Encryption Standard (Triple-DES, 168 bit key length)
  des   Digital Encryption Standard (56 bit key length)
  all   The AES, 3DES and DES encryption methods are proposed to the remote system in that order
  no    Do not use ESP
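The Phase 1 naming structure above can be checked mechanically. The following is an added example, not code from the AVM manual or product: it expands a Phase 1 policy name into the proposals it stands for and reports weak algorithms among them. It assumes the three tokens are joined with "/" as in the structure line; the set of algorithms treated as weak and the way the parameters are combined into one list are also assumptions.

```python
from itertools import product

# Token tables copied from the Phase 1 value lists on this page.
DH = {"def": ["DH group 1"], "alt": ["DH group 2"]}
ENC = {"aes": ["AES"], "3des": ["3DES"], "des": ["DES"],
       "all": ["3DES", "DES"]}  # order as the page states it for Phase 1
HASH = {"sha": ["SHA-1"], "md5": ["MD5"], "all": ["SHA-1", "MD5"]}
FIELDS = (("Diffie-Hellman group", DH), ("encryption", ENC), ("hash", HASH))

# Assumption (not from the page): algorithms this audit reports as weak.
WEAK = {"DH group 1", "DES", "MD5"}


def expand_phase1(name):
    """Return the (dh, encryption, hash) proposals a Phase 1 name stands for.

    Within each parameter the order is the one the page gives; how the
    parameters are combined into one list is an assumption of this sketch.
    """
    tokens = [t.strip().lower() for t in name.split("/")]
    if len(tokens) != len(FIELDS):
        raise ValueError(f"{name!r}: expected 3 '/'-separated fields")
    choices = []
    for token, (label, table) in zip(tokens, FIELDS):
        if token not in table:
            raise ValueError(f"{name!r}: unknown {label} token {token!r}")
        choices.append(table[token])
    return list(product(*choices))


def audit_phase1(name):
    """Return the weak algorithms a peer could end up selecting, sorted."""
    offered = {alg for proposal in expand_phase1(name) for alg in proposal}
    return sorted(offered & WEAK)


if __name__ == "__main__":
    # Constructed sample names, not taken from a real configuration.
    for policy in ("alt/aes/sha", "def/all/all", "alt/3des/md5"):
        print(policy, len(expand_phase1(policy)), audit_phase1(policy) or "ok")
```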