VR-200 16-Port Multi-WAN VPN Router
• Keying Mode: IKE (Internet Key Exchange) is a protocol that is used to negotiate
key material for an SA (Security Association). IKE uses the Pre-shared Key field to
authenticate the remote IKE peer.
• Phase 1 DH Group: Phase 1 is used to create a security association (SA). DH
(Diffie-Hellman) is a key exchange protocol that is used during Phase 1 of the
authentication process to establish pre-shared keys. There are three groups of
different prime key lengths. Group 1 is 768 bits, Group 2 is 1,024 bits and Group 5 is
1,536 bits. If network speed is preferred, select Group 1. If network security is
preferred, select Group 5.
• Phase 1 Encryption: There are three methods of encryption: DES, 3DES and AES.
The Encryption method determines the length of the key used to encrypt/decrypt
ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. AES comes
in three variants: AES-128, AES-192, and AES-256. Both sides must use the same
Encryption method. 3DES or AES is recommended because they are more secure.
• Phase 1 Authentication: There are two methods of authentication: MD5 and SHA.
The Authentication method determines how the ESP packets are authenticated.
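The Phase 1 settings above travel between the two peers as IKE proposal attributes. The following is an added example, not part of this manual or the vendor's software: it decodes such attributes into the names used on this page and lists the settings on which two peers disagree. The attribute numbers are taken from RFC 2409 Appendix A and RFC 3602 (an assumption from outside this page), the function names are hypothetical, and the byte strings are constructed samples.

```python
import struct

# IKEv1 Phase 1 attribute numbers from RFC 2409 Appendix A (AES-CBC from RFC 3602).
CLASSES = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group", 14: "key_length"}
NAMES = {
    "encryption": {1: "DES", 5: "3DES", 7: "AES"},
    "hash": {1: "MD5", 2: "SHA"},
    "auth_method": {1: "pre-shared key"},
    "dh_group": {1: "Group 1 (768-bit)", 2: "Group 2 (1024-bit)", 5: "Group 5 (1536-bit)"},
}

def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (RFC 2408 section 3.3) into a dict."""
    out, pos = {}, 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated attribute header")
        raw_type, field = struct.unpack_from("!HH", data, pos)
        pos += 4
        if raw_type & 0x8000:            # AF=1: short form, field is the value
            value = field
        else:                            # AF=0: long form, field is a length
            if pos + field > len(data):
                raise ValueError("attribute value runs past end of payload")
            value = int.from_bytes(data[pos:pos + field], "big")
            pos += field
        name = CLASSES.get(raw_type & 0x7FFF)
        if name:                         # lifetime and unknown classes are skipped
            out[name] = NAMES.get(name, {}).get(value, value)
    return out

def mismatches(local: dict, remote: dict) -> list:
    """Settings that differ between the peers; both sides must use the same ones."""
    return sorted(k for k in set(local) | set(remote) if local.get(k) != remote.get(k))

def attr(cls: int, value: int) -> bytes:
    """Build one short-form attribute (used only for the constructed samples)."""
    return struct.pack("!HH", 0x8000 | cls, value)

# Constructed samples: site A offers AES-128/SHA/PSK/Group 5, site B 3DES/SHA/PSK/Group 2.
SITE_A = attr(1, 7) + attr(14, 128) + attr(2, 2) + attr(3, 1) + attr(4, 5)
SITE_B = attr(1, 5) + attr(2, 2) + attr(3, 1) + attr(4, 2)

if __name__ == "__main__":
    a, b = parse_attributes(SITE_A), parse_attributes(SITE_B)
    print(a, b, mismatches(a, b), sep="\n")
```
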