AutoKey IKE Phase1 Proposal Configuration

Setting up virtual private network (VPN) tunnel encryption and authentication is a two-phase process:

Although the security device comes with a selection of predefined Phase 1 proposals, you can also create your own.

To Create a New AutoKey IKE P1 Proposal

  1. Enter the necessary information:

Name: Define a meaningful name for the proposal.

Authentication Method: Select Preshare when using a preshared secret. If you use a digital certificate from a certificate authority (CA), select RSA-Signature or DSA-Signature.

DH Group: Select one of the following Diffie-Hellman groups:

Group 1 (768-bit modulus)

Group 2 (1024-bit modulus)

Group 5 (1536-bit modulus)

Group 14 (2048-bit modulus)

The larger the modulus, the more secure the generated key is considered to be; however, the larger the modulus, the longer the key-generation process takes. Because the modulus for each group is a different size, the participants must agree to use the same group.

Note: The strength of DH Group 1 security has depreciated. We do not recommend its use.

Encryption and Data Integrity:

Encryption Algorithm: Select DES-CBC, 3DES-CBC, or AES-CBC.

DES: (Data Encryption Standard) A cryptographic block algorithm with a 56-bit key.

3DES: (Triple DES) A more powerful version of DES in which the original DES algorithm is applied in three rounds using a 168-bit key. DES provides significant performance savings but is considered unacceptable for many classified or sensitive material transfers.

AES: (Advanced Encryption Standard) An emerging encryption standard that offers greater interoperability with other network security devices. You can choose 128-bit, 192-bit, or 256-bit key lengths.

Hash Algorithm: Select MD5, SHA-1, or SHA2-256.

MD5: (Message Digest version 5) An algorithm that produces a 128-bit hash (also called a digital signature or message digest) from a message of arbitrary length and a 16-byte key.

SHA-1: (Secure Hash Algorithm-1) An algorithm that produces a 160-bit hash from a message of arbitrary length and a 20-byte key. It is generally regarded as more secure than MD5 because of the larger hashes it produces.

SHA2-256: (Secure Hash Algorithm-2) An algorithm that produces a 256-bit hash from a message of arbitrary length and a 32-byte key. It is more secure than SHA-1 because of the larger hashes it produces.

Lifetime: Enter a number (integer) for the amount and select the units: Sec (seconds), Min (minutes), Hours, or Days.

  2. Click OK to save your changes.
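
The DH Group description above notes that both participants must agree on the same group; in IKE Phase 1 the authentication method, encryption algorithm, and hash algorithm must match as well. The following Python sketch is an added example, not part of the original page or the vendor's software: it matches a peer's offered proposals against a local list and reports when the selected proposal uses an option this page warns about. The proposal names, the AES label format, and leaving Lifetime out of the match are assumptions.

```python
from typing import NamedTuple, Optional

class P1Proposal(NamedTuple):
    name: str        # constructed names, not predefined device proposals
    auth: str        # "Preshare", "RSA-Signature" or "DSA-Signature"
    dh_group: int    # 1, 2, 5 or 14
    encryption: str  # "DES-CBC", "3DES-CBC", "AES-CBC-128/192/256" (label format assumed)
    hash_alg: str    # "MD5", "SHA-1" or "SHA2-256"

def attrs(p: P1Proposal) -> tuple:
    # Lifetime is left out of matching: an assumption of this sketch.
    return (p.auth, p.dh_group, p.encryption, p.hash_alg)

def negotiate(offered: list, local: list) -> Optional[P1Proposal]:
    """Return the local proposal matching the first acceptable offer, else None."""
    for offer in offered:                    # initiator's order of preference
        for mine in local:
            if attrs(offer) == attrs(mine):  # every attribute must agree
                return mine
    return None

def findings(p: P1Proposal) -> list:
    """Flag only the options the page itself warns about."""
    out = []
    if p.dh_group == 1:
        out.append("DH Group 1 (768-bit modulus) is not recommended")
    if p.encryption == "DES-CBC":
        out.append("DES (56-bit key) is considered unacceptable for many sensitive transfers")
    return out

def audit(local: list, offered: list) -> dict:
    """Summarize what would be selected and which local proposals are flagged."""
    chosen = negotiate(offered, local)
    return {
        "selected": chosen.name if chosen else None,
        "selected_findings": findings(chosen) if chosen else [],
        "flagged_local": [p.name for p in local if findings(p)],
    }

# Constructed sample data.
LOCAL = [P1Proposal("p1-strong", "Preshare", 14, "AES-CBC-256", "SHA2-256"),
         P1Proposal("p1-legacy", "Preshare", 1, "DES-CBC", "MD5")]
PEER_GROUP_MISMATCH = [P1Proposal("peer-a", "Preshare", 2, "AES-CBC-256", "SHA2-256")]
PEER_LEGACY_ONLY = [P1Proposal("peer-b", "Preshare", 1, "DES-CBC", "MD5")]

if __name__ == "__main__":
    for label, peer in [("group mismatch", PEER_GROUP_MISMATCH), ("legacy only", PEER_LEGACY_ONLY)]:
        print(label, audit(LOCAL, peer))
```

The first peer differs from the local proposal only in DH group, so nothing is selected; the second shows that a weak proposal left in the local list is the one that ends up in use.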