Network > Network Profiles > IKE Crypto
Use the IKE Crypto Profiles page to specify protocols and algorithms for identification, authentication, and encryption (IKEv1 or IKEv2, Phase 1).

To change the order in which an algorithm or group is listed, select the item and then click Move Up or Move Down. The order determines the first choice when settings are negotiated with a remote peer. The setting at the top of the list is attempted first, continuing down the list until an attempt is successful.

IKE Crypto Profile Settings | Description |
---|---|
Name | Enter a name for the profile. |
DH Group | Specify the priority for Diffie-Hellman (DH) groups. Click Add and select groups: group1, group2, group5, group14, group19, or group20. For highest security, select an item and then click Move Up or Move Down to move the groups with higher numeric identifiers to the top of the list. For example, move group14 above group2. |
Authentication | Specify the priority for hash algorithms. Click Add and select algorithms. For highest security, select an item and then click Move Up or Move Down to change the order (top to bottom) to the following: If you select an AES-GCM algorithm for encryption, you must select the Authentication setting none. The hash is automatically selected based on the DH Group selected. DH Group 19 and below uses sha256; DH Group 20 uses sha384. |
Encryption | Select the appropriate Encapsulating Security Payload (ESP) authentication options. Click Add and select algorithms. For highest security, select an item and then click Move Up or Move Down to change the order (top to bottom) to the following: The aes-256-gcm and aes-128-gcm algorithms have authentication built into them; therefore, in those cases you must select the Authentication setting to be none. |
Key Lifetime | Select a unit of time and enter the length of time that the negotiated IKE Phase 1 key will be effective (default is 8 hours). |
IKEv2 Authentication Multiple | Specify a value (range is 0-50; default is 0) that is multiplied by the Key Lifetime to determine the authentication count. The authentication count is the number of times that the gateway can perform IKEv2 IKE SA re-key before the gateway must start over with IKEv2 re-authentication. A value of 0 disables the re-authentication feature. |
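
As an added example (not Palo Alto Networks code), the following Python check applies the rules from the table above to a profile: DH groups ordered with higher numeric identifiers first, Authentication set to none when an AES-GCM algorithm is selected, and an IKEv2 Authentication Multiple within 0-50. The dictionary layout, key names, and sample profiles are assumptions constructed for this example, not a PAN-OS export format.

```python
# DH groups this page lists as selectable in an IKE Crypto profile.
ALLOWED_DH = ("group1", "group2", "group5", "group14", "group19", "group20")


def dh_number(group):
    """Numeric identifier of a DH group name, e.g. 'group14' -> 14."""
    return int(group[len("group"):])


def audit_ike_crypto_profile(profile):
    """Return findings for one profile; an empty list means no findings.

    `profile` is a hypothetical dict (assumed layout, not a PAN-OS export).
    List order mirrors the GUI: index 0 is the top entry, attempted first.
    """
    findings = []

    dh = profile.get("dh_group", [])
    unknown = [g for g in dh if g not in ALLOWED_DH]
    if unknown:
        findings.append("unknown DH group: " + ", ".join(unknown))
    elif dh != sorted(dh, key=dh_number, reverse=True):
        wanted = sorted(dh, key=dh_number, reverse=True)
        findings.append("DH order should be: " + ", ".join(wanted))

    # AES-GCM has authentication built in, so Authentication must be 'none'.
    gcm = [e for e in profile.get("encryption", []) if e.endswith("-gcm")]
    if gcm and "none" not in profile.get("authentication", []):
        findings.append("AES-GCM selected without Authentication 'none'")

    # Range is 0-50; 0 disables IKEv2 re-authentication.
    multiple = profile.get("ikev2_auth_multiple", 0)
    if not 0 <= multiple <= 50:
        findings.append("IKEv2 Authentication Multiple outside 0-50")

    return findings


# Constructed sample profiles (not taken from any real device).
WEAK_ORDER = {"name": "example-legacy", "dh_group": ["group2", "group14"],
              "encryption": ["aes-256-gcm"], "authentication": ["sha256"],
              "ikev2_auth_multiple": 51}
TUNED = {"name": "example-tuned", "dh_group": ["group20", "group19", "group14"],
         "encryption": ["aes-256-gcm", "aes-128-gcm"],
         "authentication": ["none"], "ikev2_auth_multiple": 0}

if __name__ == "__main__":
    for p in (WEAK_ORDER, TUNED):
        print(p["name"], audit_ike_crypto_profile(p) or "no findings")
```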