User manual
Virtual Private Networking
211
The Rekeyfuzz value is the maximum percentage by which the Rekeymargin is randomly
increased in order to randomize the rekeying intervals. The key lifetimes for both Phase 1
and Phase 2 depend on these values and must be greater than the value of
“Rekeymargin x (100 + Rekeyfuzz) / 100.” In this example, leave the Rekeyfuzz at its
default value of 100%.
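The constraint above can be checked before a tunnel is saved. The following helper is an added example, not part of the manual or the SG unit's software: it computes the largest margin that Rekeyfuzz can produce, verifies that each phase's key lifetime exceeds it, and shows the window of time in which renegotiation will actually start. The function names and the sample values (a 540 second Rekeymargin, 3600 second Phase 1 and 28800 second Phase 2 lifetimes) are constructed for illustration and are not defaults stated on this page.

```python
"""Check IKE rekeying parameters against the rule
key lifetime > Rekeymargin x (100 + Rekeyfuzz) / 100.

All times are in seconds; Rekeyfuzz is a percentage.
"""
import random


def max_margin(rekeymargin: int, rekeyfuzz: int) -> float:
    """Largest margin once the fuzz is applied: Rekeymargin x (100 + Rekeyfuzz) / 100."""
    return rekeymargin * (100 + rekeyfuzz) / 100


def rekey_window(lifetime: int, rekeymargin: int, rekeyfuzz: int) -> tuple:
    """(earliest, latest) time after key establishment at which rekeying can start.

    With no fuzz the unit starts Rekeymargin seconds before expiry; with full
    fuzz the margin is stretched by Rekeyfuzz percent, so rekeying starts earlier.
    """
    return (lifetime - max_margin(rekeymargin, rekeyfuzz), lifetime - rekeymargin)


def check_lifetimes(phase1_lifetime: int, phase2_lifetime: int,
                    rekeymargin: int, rekeyfuzz: int) -> list:
    """Return a list of problems; an empty list means the settings are consistent.

    A lifetime that is not greater than the fuzzed margin means the key could
    expire before (or exactly when) renegotiation is scheduled to start.
    """
    limit = max_margin(rekeymargin, rekeyfuzz)
    problems = []
    for name, lifetime in (("Phase 1", phase1_lifetime), ("Phase 2", phase2_lifetime)):
        if lifetime <= limit:
            problems.append(
                f"{name} key lifetime {lifetime}s must be greater than "
                f"{limit:g}s (Rekeymargin {rekeymargin}s x (100 + {rekeyfuzz}) / 100)")
    return problems


def simulate_rekey_time(lifetime: int, rekeymargin: int, rekeyfuzz: int,
                        rng=random) -> float:
    """One randomized rekey start time: margin grown by a random 0..Rekeyfuzz percent."""
    fuzz_pct = rng.uniform(0, rekeyfuzz)
    return lifetime - rekeymargin * (100 + fuzz_pct) / 100


if __name__ == "__main__":
    # Constructed sample values (not defaults from the manual).
    margin, fuzz = 540, 100
    good = check_lifetimes(3600, 28800, margin, fuzz)
    print("3600s / 28800s lifetimes:", good or "OK")
    print("rekey starts between", rekey_window(3600, margin, fuzz), "seconds")
    bad = check_lifetimes(900, 28800, margin, fuzz)
    print("900s Phase 1 lifetime:", bad)
    print("one randomized rekey time:", simulate_rekey_time(3600, margin, fuzz))
```

With a 540 second margin and 100% fuzz the limit is 1080 seconds, so a 900 second Phase 1 lifetime is rejected while 3600 seconds passes, and rekeying for the 3600 second key starts somewhere between 2520 and 3060 seconds after establishment.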
Enter a secret in the Preshared Secret field. Keep a record of this secret, as it is used to
configure the remote party's secret. In this example, enter: “This secret must be kept
confidential”.
Warning
The secret must be entered identically at each end of the tunnel. The tunnel fails to
connect if the secret is not identical at both ends. The secret is a highly sensitive piece of
information. It is essential to keep this information confidential. Communications over
the IPSec tunnel may be compromised if this information is divulged.
Select a Phase 1 Proposal. Any combination of the ciphers, hashes and Diffie-Hellman
groups that the SG unit supports can be selected. The supported ciphers are DES (56
bits), 3DES (168 bits) and AES (128, 196 and 256 bits). The supported hashes are MD5
and SHA, and the supported Diffie-Hellman groups are 1 (768 bit), 2 (1024 bit) and 5
(1536 bit). The SG unit also supports extensions to the Diffie-Hellman groups to include
the 2048, 3072 and 4096 bit Oakley groups. In this example, select the 3DES-SHA-Diffie-
Hellman Group 2 (1024 bit) option. Click the Next button to configure the Phase 2
Settings.
Other options
The following options become available on this page depending on what has been
configured previously:
• The Local Public Key field is the public part of the RSA key generated for RSA Digital
Signatures authentication. This field is automatically populated and does not
need to be modified unless a different RSA key is to be used. This key must be
entered in the Remote Public Key field of the remote party's tunnel configuration.
This field appears when RSA Digital Signatures has been selected.
• The Remote Public Key field is the public part of the remote party's RSA key
generated for RSA Digital Signatures authentication. This field must be populated with
the remote party's public RSA key. This field appears when RSA Digital
Signatures has been selected.