User manual
107
Configure Digi devices
7 Specify the Internet Key Exchange (IKE) Security Settings for the VPN
connection. Internet Key Exchange (IKE) negotiates IPSec security associations
(SA). The IPSec systems must authenticate themselves to each other and establish
ISAKMP (IKE) shared keys. SAs are relationships between two or more entities or
peers that describe how they will use security services to communicate securely.
You can use either the default security policies or custom policies.
– Use the default policies to negotiate Internet Key Exchange (IKE) security
settings: The default security policies that are negotiated and used to secure the
SAs are:
– Use the following policies to negotiate Internet Key Exchange (IKE)
security settings: If the default settings do not match the VPN and IKE SA
configuration of the remote peers, or if additional policies are required, enable
this setting, then click Add to add one or more security policies.
Internet Key Exchange security policy settings include:
Encryption: The encryption algorithm and key length used in IKE
negotiations for encrypting data. Supported encryption algorithms are
DES, 3-DES, and AES, which also includes three available key lengths for
greater security.
Authentication: The authentication algorithm used in IKE negotiations to
authenticate IKE peers and SAs. Supported authentication algorithms are
MD5 and SHA1.
SA Lifetime: Determines how long a SA policy is active in seconds. The
Security Association (SA) lifetime determines how long a SA policy is
active in seconds. After the IKE SA has been negotiated, the SA lifetime
begins. Once the lifetime has completed, a new set of SA policies are
negotiated using IKE phase 2 negotiation.
When all the VPN Internet Key Exchange settings have been entered, click
Apply.
Default Security Policies
Encryption Authentication SA Lifetime
30DES (192-bit) SHA1 86400 secs