Setting up virtual private network (VPN) tunnel encryption and authentication is a two-phase process:
Phase 1 determines how the gateways securely negotiate and handle building the tunnel. The Phase 1 proposal sets the terms of the negotiation.
Phase 2 determines how data passing through the tunnel is encrypted at one end and decrypted at the other. The encryption method you choose needs to account for both phases. This process is carried out on both sides of the tunnel. The Phase 2 proposal sets the terms of the negotiation.
You can select how many entries per page you want to view from the List per page drop-down list.
You can jump to another page by selecting it from the Go to Page drop-down list.
The P1 Proposal List table contains the following information about each predefined and configured Phase 1 proposal:
Name: Indicates the name of the proposal.
Method: Indicates the authentication method used. The options are Preshare (for use with a preshared secret) or RSA-Sig or DSA-Sig (for use with a digital certificate from a certificate authority, or CA).
DH Group: Indicates the Diffie-Hellman (DH) group used: Group 1, Group 2, or Group 5.
Encrypt/Auth: Indicates the encryption algorithm used (3DES-CBC, DES-CBC, or AES-CBC) and the hash algorithm used (MD5 or SHA-1).
Life Time: Indicates the life of the key, as determined by the amount of time in Sec (seconds), Min (minutes), Hours, or Days.
Configure: Click Edit to modify an entry, or click Remove any custom P1 Proposals you create.
Note: You cannot edit or remove predefined proposals.
Although the security device comes with a selection of predefined Phase 1 Proposals, you may create your own. To create a new Phase 1 (P1) Proposal, click New. For more information, see AutoKey IKE P1 Proposal Configuration page.