To Create a New Phase 1 ProposalSetting up the VPN tunnel encryption and authentication is actually a two-phase process.
Phase 1 essentially covers how the gateways will securely negotiate and handle the building of the tunnel. The P1 (Phase 1) Proposal sets the terms of the negotiation.
Phase 2 sets up how the data passing through the tunnel will be encrypted at one end and decrypted at the other. The encryption method you choose needs to account for both phases. This process is carried out on both sides of the tunnel. The P2 (Phase 2) Proposal sets the terms of the negotiation.
You can select how many entries per page you want to view from the List_per page drop-down list.
You can jump to another page by selecting it from the Go to Page drop-down list.
The table contains the following information on each predefined and configured Phase 1 (P1) Proposals:
Name: Indicates the name of the proposal.
Method: Indicates the authentication method used. The options are Preshare, when using a Preshared Secret, or RSA-Sig or DSA-Sig when using a digital certificate from a Certificate Authority.
DH Group: Indicates the Diffie-Hellman Group used: Group 1, Group 2, or Group 5.
Encrypt/Auth: Indicates the encryption algorithm (3DES-CBC, DES-CBC, or AES-CBC), and the hash algorithm (MD5 or SHA-1) used.
Life Time: Indicates the life of the key, as determined by the amount of time in Sec (seconds), Min (minutes), Hours, or Days.
Configure: Click Edit to modify an entry, or click Remove any custom P1 Proposals you create.
Note: You cannot edit or remove predefined proposals.
To Create a New Phase 1 ProposalAlthough the NetScreen device comes with a selection of predefined Phase 1 Proposals, you may create your own. To create a new Phase 1 (P1) Proposal, click New. For more information, see AutoKey IKE P1 Proposal Configuration page.