Setting up VPN tunnel encryption and authentication is a two-phase process.
Phase 1 determines how the gateways securely negotiate and build the tunnel. The Phase 1 proposal sets the terms of the negotiation.
Phase 2 determines how data passing through the tunnel is encrypted at one end and decrypted at the other. The encryption method you choose needs to account for both phases. This process is carried out on both sides of the tunnel. The Phase 2 proposal sets the terms of the negotiation.
You can select how many entries per page you want to view from the List per page drop-down list.
You can jump to another page by selecting it from the Go to Page drop-down list.
The P2 Proposal List table contains the following information about each predefined and configured Phase 2 proposal:
Name: Indicates the name of the proposal.
PFS: Indicates whether the proposal uses Perfect Forward Secrecy (PFS) and, if so, which Diffie-Hellman (DH) group: Group 1, Group 2, or Group 5. No PFS means that PFS is not used.
Encap: Indicates the type of encapsulation: Encryption (ESP) or Authentication Only (AH).
Encrypt/Auth: Indicates the encryption algorithm (3DES-CBC, DES-CBC, or AES-CBC) and the hash algorithm (MD5 or SHA-1) used.
Life Time: Indicates the life of the key, as determined by the amount of time in Sec (seconds), Min (minutes), Hours, or Days.
Life Size: Indicates the lifetime of the key, as measured by the number of kilobytes of VPN traffic.
Configure: Click Edit to modify an entry, or click Remove to delete any custom Phase 2 proposals you create.
Note: You cannot edit or remove predefined proposals.
Although the security device comes with a selection of predefined Phase 2 proposals, you can create your own. To create a new Phase 2 proposal configuration, click New. For more information, see AutoKey IKE P2 Proposal Configuration.