Specifications
4-22 WS2000 Wireless Switch System Reference Guide
3. Forward secrecy is a property of a key-establishment protocol that guarantees that the discovery of a
session key or a long-term private key will not compromise the keys of any other sessions. Select Yes from
the Use Perfect Forward Secrecy menu to enable this option. Select No to disable Perfect Forward Secrecy.
4. If Perfect Forward Secrecy is enabled, select an IKE Authentication Algorithm.
5. In the Security Association Life Time field, enter a value (in minutes) that indicates how long the
association will last before the VPN client will need to reauthenticate.
6. Select the type of authentication from the AH Authentication menu. AH provides data authentication
and anti-replay services for the VPN tunnel.
7. Select the ESP Type from the menu.
8. If ESP or ESP with Authentication is enabled, select an Encryption Algorithm from the menu.
G1 - 768bit     Diffie-Hellman Group 1 Authentication uses a 768-bit algorithm for key exchange.
                Somewhat faster than the 1024-bit algorithm, but secure enough in most situations.
G2 - 1024bit    Diffie-Hellman Group 2 Authentication uses a 1024-bit algorithm for key exchange.
                Somewhat slower than the 768-bit algorithm, but much more secure and a better
                choice for extremely sensitive situations.
None    Disables AH authentication and the rest of the fields in this area will not be active.
MD5     Enables the Message Digest 5 algorithm, which requires 128-bit (32-character
        hexadecimal) authentication keys.
SHA1    Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal)
        keys.
None                       Disables ESP and the rest of the fields in this area will not be active.
ESP                        Enables Encapsulating Security Payload encryption for this tunnel.
ESP with Authentication    Enables Encapsulating Security Payload encryption with authentication
                           for this tunnel.
DES     This option selects the DES encryption algorithm, which requires 64-bit (16-character
        hexadecimal) keys.
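
The key sizes listed in the tables above (MD5 128-bit, SHA1 160-bit, DES 64-bit) can be checked before a key is typed into the switch. The following is an added example, not part of the reference guide or the switch software: it generates keys of the listed sizes and checks hand-entered ones, assuming keys are entered as hexadecimal strings; the dictionary field names are hypothetical.

```python
import secrets
import string

# Key sizes in bits, as given in the option tables on this page.
KEY_BITS = {"MD5": 128, "SHA1": 160, "DES": 64}

def generate_key(algorithm):
    """Return a random hex key of the size listed for `algorithm`."""
    return secrets.token_hex(KEY_BITS[algorithm] // 8)

def check_key(algorithm, key):
    """Return a list of problems with a hex key (empty list if none)."""
    if algorithm not in KEY_BITS:
        return [f"no key size listed for {algorithm}"]
    problems = []
    expected = KEY_BITS[algorithm] // 4  # one hex character carries 4 bits
    if len(key) != expected:
        problems.append(
            f"{algorithm} key must be {expected} hex characters, got {len(key)}")
    if any(c not in string.hexdigits for c in key):
        problems.append("key contains non-hexadecimal characters")
    elif key and len(set(key.lower())) < 4:
        # Catches typed-in fillers such as 0000... or abab...
        problems.append("key has too few distinct characters to be random")
    return problems

def check_tunnel(cfg):
    """Check the keys of one tunnel; the field names are hypothetical."""
    problems = []
    ah = cfg.get("ah_authentication", "None")
    if ah != "None":  # AH key fields are inactive when AH is None
        problems += [f"AH: {p}" for p in check_key(ah, cfg.get("ah_key", ""))]
    if cfg.get("esp_type", "None") != "None":  # likewise for ESP
        enc = cfg.get("encryption_algorithm", "")
        problems += [f"ESP: {p}" for p in check_key(enc, cfg.get("esp_key", ""))]
    return problems

# Constructed sample: the AH key was sized for MD5 although SHA1 is selected.
SAMPLE_TUNNEL = {
    "ah_authentication": "SHA1",
    "ah_key": "0123456789abcdef0123456789abcdef",
    "esp_type": "ESP",
    "encryption_algorithm": "DES",
    "esp_key": "1f3a5c7e9b2d4068",
}

if __name__ == "__main__":
    print(check_tunnel(SAMPLE_TUNNEL))
    print(generate_key("SHA1"))
```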