To Create a New Phase 2 ProposalSetting up the VPN tunnel encryption and authentication is actually a two-phase process.
Phase 1 essentially covers how the gateways will securely negotiate and handle the building of the tunnel. The P1 (Phase 1) Proposal sets the terms of the negotiation.
Phase 2 sets up how the data passing through the tunnel will be encrypted at one end and decrypted at the other. The encryption method you choose needs to account for both phases. This process is carried out on both sides of the tunnel. The P2 (Phase 2) Proposal sets the terms of the negotiation.
You can select how many entries per page you want to view from the List_per page drop-down list.
You can jump to another page by selecting it from the Go to Page drop-down list.
This table contains the following information on each predefined and configured Phase 2 (P2) Proposals:
Name: Indicates the name of the proposal.
PFS: Indicates whether the proposal is using Perfect Forward Secrecy (PFS) or not (No PFS), or Diffie-Hellman (DH) Group 1, Group 2, or Group 5.
Encap: Indicates the type of encapsulation: Encryption (ESP) or Authentication Only (AH).
Encrypt/Auth.: Indicates the encryption algorithm (3DES-CBC, DES-CBC, or AES-CBC), and the hash algorithm (MD5 or SHA-1) used.
Life Time: Indicates the life of the key, as determined by the amount of time in Sec (seconds), Min (minutes), Hours, or Days.
Life Size: Indicates the lifetime of the key in kilobytes.
Configure: Click Edit to modify an entry, or click Remove to delete any custom P2 Proposals you create.
Note: You cannot edit or remove predefined proposals.
To Create a New Phase 2 ProposalAlthough the NetScreen device comes with a selection of predefined Phase 2 Proposals, you may create your own. To create a new Phase 2 Proposal Configuration, click New. For more information, see AutoKey IKE P2 Proposal Configuration.