Internet Security Router User’s Manual
Chapter 10. Configuring VPN
Options
Description
Xauth (aggressive mode only)
Xauth is a user ID and password based authentication. This option is
available only when aggressive mode is selected.
Preshared Key
Enter the shared secret (this should match the secret key at the other end).
IKE Encryption / Authentication
Select the IKE authentication and encryption from the drop-down list.
All
3DES & SHA1-DH2
3DES & MD5-DH2
DES & SHA1-DH2
DES & MD5-DH2
3DES & SHA1-DH1
DES & MD5-DH1
DES & SHA1-DH1
DES & MD5-DH1
3DES & SHA1-DH5
3DES & MD5-DH5
DES & SHA1-DH5
DES & MD5-DH5
Note: It is recommended that you choose All to have all the IKE proposals
associated with the current tunnel and allow IKE to automatically select one
(among the set of IKE proposals) to communicate with its peer. However, if
a specific proposal is required, then it can be chosen from the list.
Life Time
Enter the IKE security association life time in seconds, minutes, hours or
days.
IPSec Proposal Settings
IPSec Encryption / Authentication
Select one of the following pre-configured IKE proposals from the drop-down
list. If “All” is selected, all the pre-configured proposals will be
associated with the existing tunnel and one (among the set of IPSec proposals)
will be selected automatically and used by IPSec to communicate with its
peer.
All
Strong Encryption & Authentication (ESP 3DES HMAC SHA1)
Strong Encryption & Authentication (ESP 3DES HMAC MD5)
Encryption & Authentication (ESP DES HMAC SHA1)
Encryption & Authentication (ESP DES HMAC MD5)
Authentication (AH SHA1)
Authentication (AH MD5)
Strong Encryption (ESP 3DES)
Encryption (ESP DES)
Authentication (ESP SHA1)
Authentication (ESP MD5)
Chained Encryption / Authentication
You can add additional security to the VPN tunnel by using both ESP and
AH protocols together (also called chained encryption/authentication). The
only combination supported is ESP encapsulated by AH. To turn on this
functionality, first select an ESP IPSec proposal from the IPSec
Encryption/Authentication drop-down list and then click on either the AH
SHA-1 or AH MD-5 radio button in the Chained Encryption / Authentication
field.
Operation Mode
Click the radio button to select Tunnel or Transport mode.
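
The difference between choosing All and choosing one entry in the IKE Encryption / Authentication list can be checked offline. The following Python is an added example, not code from the manual or the router; it assumes negotiation settles on the first peer offer that is present in the local set, and `local_set`, `negotiate` and `flagged` are hypothetical helper names.

```python
import re

# Labels copied from the IKE Encryption / Authentication list above, as printed.
MENU = """3DES & SHA1-DH2, 3DES & MD5-DH2, DES & SHA1-DH2, DES & MD5-DH2,
3DES & SHA1-DH1, DES & MD5-DH1, DES & SHA1-DH1, DES & MD5-DH1,
3DES & SHA1-DH5, 3DES & MD5-DH5, DES & SHA1-DH5, DES & MD5-DH5"""

# Modulus size in bits of each Diffie-Hellman group (RFC 2409, RFC 3526).
DH_BITS = {1: 768, 2: 1024, 5: 1536}

def parse(label):
    """Split a label such as '3DES & SHA1-DH2' into (cipher, hash, dh_group)."""
    m = re.fullmatch(r"\s*(3DES|DES) & (SHA1|MD5)-DH([125])\s*", label)
    if m is None:
        raise ValueError(f"not an IKE proposal label: {label!r}")
    return m.group(1), m.group(2), int(m.group(3))

def local_set(selection):
    """Proposals a tunnel accepts for one drop-down selection (hypothetical helper)."""
    labels = MENU.split(",") if selection == "All" else [selection]
    return list(dict.fromkeys(parse(l) for l in labels))  # ordered, de-duplicated

def negotiate(selection, peer_offers):
    """Assumed model: the first peer offer found in the local set wins."""
    accepted = local_set(selection)
    return next((p for p in map(parse, peer_offers) if p in accepted), None)

def flagged(selection):
    """Accepted proposals using single DES or a DH modulus under 1024 bits
    (this example's own review policy, not a rule from the manual)."""
    return [p for p in local_set(selection) if p[0] == "DES" or DH_BITS[p[2]] < 1024]

if __name__ == "__main__":
    peer = ["DES & MD5-DH1"]  # constructed peer offer
    for choice in ("All", "3DES & SHA1-DH5"):
        print(choice, "->", negotiate(choice, peer), "| flagged:", len(flagged(choice)))
```

With All selected, the constructed peer offer of DES & MD5-DH1 is accepted; with 3DES & SHA1-DH5 selected, the same offer finds no match and negotiation fails.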