H3C Technologies H3C SecPath F1000-E User Manual

Page 429

417

Item Description

Encryption
Algorithm

Select the encryption algorithm to be used in IKE negotiation.

•

DES-CBC: Uses the DES algorithm in CBC mode and a 56-bit key for

encryption.

•

3DES-CBC: Uses the 3DES algorithm in CBC mode and a 168-bit key for

encryption.

•

AES-128: Uses the AES algorithm in CBC mode and a 128-bit key for

encryption.

•

AES-192: Uses the AES algorithm in CBC mode and a 192-bit key for

encryption.

•

AES-256: Uses the AES algorithm in CBC mode and a 256-bit key for
encryption.

Select the DH group to be used in key negotiation phase 1.

•

Diffie-Hellman Group1: Uses the 768-bit Diffie-Hellman group.

•

Diffie-Hellman Group2: Uses the 1024-bit Diffie-Hellman group.

•

Diffie-Hellman Group5: Uses the 1536-bit Diffie-Hellman group.

•

Diffie-Hellman Group14: Uses the 2048-bit Diffie-Hellman group.

SA Lifetime

Enter the ISAKMP SA lifetime.
Before an SA expires, IKE negotiates a new SA. The new SA takes effect
immediately after being set up, and the old one will be cleared automatically

when it expires.

IMPORTANT:

Before an ISAKMP SA expires, IKE negotiates a new SA to replace it. Because

DH calculation in IKE negotiation takes time, especially on low-end devices, set

the lifetime greater than 10 minutes to prevent the SA update from influencing

normal communication.

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS