beautypg.com

Siemens se5880 User Manual

Page 73

background image

SIEMENS se5880 Ethernet Security Router
User’s Guide

Chapter 6 Security Setup

IKE/IPSec Configuration

SIEMENS

67

IKE Proposals Definition

IKE I proposals specify how packets will be encrypted/authenticated for Phase I. To define a new IKE proposal:

1. Click Create next to IKE Proposals from the Advanced IKE/IPSec Setup page. This displays the IKE

Proposal Definition page.

2. In IKE Proposal Name, enter a logical name for the IKE Proposal Definition. This name is of no

importance to the remote IKE peer.

3. From the Message Authentication Scheme drop-down menu, select one of the following hashing

(authentication) options to use to validate IKE Phase I exchange:

MD5: Performs message authentication using Message Digest 5.

SHA1: Performs message authentication using Secure Hashing Algorithm 1 (default).

4. From the Diffie-Hellman (Oakley) Group drop-down menu, select one of the following Diffie-Hellman key

generation groups to use during IKE Phase I exchange:

Group 1: Uses Diffie-Hellman Group 1 (768 bits).

Group 2: Uses Diffie-Hellman Group 2 (1024 bits).

5. From the Encryption Type drop-down menu, select one of the following encryption types to use during

IKE Phase II (Quick Mode) exchange:

DES: Encrypts using a 56-bit key.

3DES: Encrypts using three 56-bit keys to produce 168-bit encryption.

6. In Phase I Proposal Lifetime, enter the number of seconds after which the Phase I negotiation expires.

The default is 1800 seconds. Once this time is elapsed, the system will renegotiate the IKE connection.

7. Click Apply.