beautypg.com

Robustel R3000 User Guide User Manual

Page 73

background image

Robustel GoRugged R3000 User Guide


RT_UG_R3000_v.2.0.0 17.01.2014 72 / 131
Confidential

selected, type a name without any at sign (@) for the local security
gateway, e.g., test.robustel.com.
User FQDN: Uses a user FQDN type as the ID in IKE negotiation. If this
option is selected, type a name string with a sign “@” for the local
security gateway, e.g., [email protected].

Negotiation Mode

Select from “Main” and “aggressive” for the IKE negotiation mode in
phase 1. If the IP address of one end of an IPSec tunnel is obtained
dynamically, the IKE negotiation mode must be aggressive. In this case,
SAs can be established as long as the username and password are
correct.

Main

Encryption Algorithm

Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”to be
used in IKE negotiation.
DES: Uses the DES algorithm in CBC mode and 56-bit key.
3DES: Uses the 3DES algorithm in CBC mode and 168-bit key.
AES128: Uses the AES algorithm in CBC mode and 128-bit key.
AES192: Uses the AES algorithm in CBC mode and 192-bit key.
AES256: Uses the AES algorithm in CBC mode and 256-bit key.

3DES

Authentication
Algorithm

Select from “MD5” and “SHA1”to be used in IKE negotiation.
MD5: Uses HMAC-SHA1.
SHA1: Uses HMAC-MD5.

MD5

DH Group

Select from “MODP768_1”, “MODP1024_2” and “MODP1536_5”to be
used in key negotiation phase 1.
MODP768_1: Uses the 768-bit Diffie-Hellman group.
MODP1024_2: Uses the 1024-bit Diffie-Hellman group.
MODP1536_5: Uses the 1536-bit Diffie-Hellman group.

MODP1024_2

Authentication

Select from “PSK”, “CA”, “XAUTH Init PSK” and “XAUTH Init CA” to be
used in IKE negotiation.
PSK: Pre-shared Key.
CA: Certification Authority.
XAUTH: Extended Authentication to AAA server.

PSK

Secrets

Enter the Pre-shared Key.

Null

Life Time @ IKE
Parameter

Set the lifetime in IKE negotiation.
Before an SA expires, IKE negotiates a new SA. As soon as the new SA is
set up, it takes effect immediately and the old one will be cleared
automatically when it expires.

86400

SA Algorithm

Select from “DES_MD5_96”, “DES_SHA1_96”, “3DES_MD5_96”, “3DES_
SHA1_96”, “AES128_MD5_96”, “AES128_ SHA1_96”,
“AES192_MD5_96”, “AES192_ SHA1_96”, “AES256_MD5_96” and
“AES256_ SHA1_96” when you select “ESP” in “Protocol”;
Select from “AH_MD5_96” and “AH_ SHA1_96” when you select “AH”
in “Protocol”;
Note: Higher security means more complex implementation and lower
speed. DES is enough to meet general requirements. Use 3DES when

3DES_MD5_96

See also other documents in the category Robustel Routers: