Switch User Manual
7 Tunneling Protocols
VPN 3000 Concentrator Series User Guide
Authentication Algorithm
This parameter specifies the data, or packet, authentication algorithm. Packet authentication proves that 
data comes from whom you think it comes from.
Click the drop-down menu button and select the algorithm:
MD5/HMAC-128 = HMAC (Hashed Message Authentication Coding) with the MD5 hash function 
using a 128-bit key. This is the default selection.
SHA/HMAC-160 = HMAC with the SHA-1 hash function using a 160-bit key. This selection is more 
secure but requires more processing overhead.
Encryption Algorithm
This parameter specifies the data, or packet, encryption algorithm. Data encryption makes the data 
unreadable if intercepted.
Click the drop-down menu button and select the algorithm:
DES-56 = DES encryption with a 56-bit key.
3DES-168 = Triple-DES encryption with a 168-bit key. This is the default selection, and it is the most 
secure.
Diffie-Hellman Group
This parameter specifies the Diffie-Hellman group used to generate IPSec SA keys. The Diffie-Hellman 
technique generates keys using prime numbers and “generator” numbers in a mathematical relationship.
Click the drop-down menu button and select the group:
Group 1 (768-bits) = Use Diffie-Hellman Group 1 to generate IPSec SA keys, where the prime and generator numbers are 768 bits. Select this option if you select DES-56 under Encryption Algorithm above.
Group 2 (1024-bits) = Use Diffie-Hellman Group 2 to generate IPSec SA keys, where the prime and generator numbers are 1024 bits. This is the default selection for use with the 3DES-168 Encryption Algorithm above, and it is the most secure.
Lifetime Measurement
This parameter specifies how to measure the lifetime of the IKE SA keys, which is how long the IKE SA lasts until it expires and must be renegotiated with new keys. It is used with the Data Lifetime or Time Lifetime parameters below.
Click the drop-down menu button and select the measurement method:
Time = Use time (seconds) to measure the lifetime of the SA (the default). Configure the Time Lifetime parameter below.
Data = Use data (number of kilobytes) to measure the lifetime of the SA. Configure the Data Lifetime parameter below.
Both = Use both time and data, whichever occurs first, to measure the lifetime. Configure both Time Lifetime and Data Lifetime parameters.
None = No lifetime measurement. The SA lasts until the connection is terminated for other reasons.
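The lifetime rules above, as an added example (not code from the guide or from the concentrator): a small Python model that checks that a Lifetime Measurement choice has its matching lifetime parameter configured, and reports which limit forces the SA to be renegotiated. The class, field, and method names and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

MODES = ("Time", "Data", "Both", "None")  # the four menu choices on this page


@dataclass
class SaLifetime:
    """Hypothetical model of the Lifetime Measurement setting."""
    mode: str
    time_lifetime_s: Optional[int] = None   # Time Lifetime, in seconds
    data_lifetime_kb: Optional[int] = None  # Data Lifetime, in kilobytes

    def validate(self) -> List[str]:
        """Return configuration problems; an empty list means consistent."""
        if self.mode not in MODES:
            return [f"unknown Lifetime Measurement {self.mode!r}"]
        problems = []
        # A missing or zero value is treated as "not configured".
        if self.mode in ("Time", "Both") and not self.time_lifetime_s:
            problems.append("Time Lifetime must be configured")
        if self.mode in ("Data", "Both") and not self.data_lifetime_kb:
            problems.append("Data Lifetime must be configured")
        return problems

    def expiry_reason(self, elapsed_s: int, transferred_kb: int) -> Optional[str]:
        """Return 'time' or 'data' if the SA must be renegotiated, else None."""
        problems = self.validate()
        if problems:
            raise ValueError("; ".join(problems))
        # With "Both", whichever limit is reached first ends the SA.
        if self.mode in ("Time", "Both") and elapsed_s >= self.time_lifetime_s:
            return "time"
        if self.mode in ("Data", "Both") and transferred_kb >= self.data_lifetime_kb:
            return "data"
        # Mode "None" always lands here: the same keys stay in use until the
        # connection is terminated for other reasons.
        return None


if __name__ == "__main__":
    # Constructed sample values, not defaults taken from the guide.
    sa = SaLifetime("Both", time_lifetime_s=86400, data_lifetime_kb=10000)
    for elapsed, kb in [(3600, 500), (3600, 10000), (86400, 500)]:
        print(elapsed, kb, sa.expiry_reason(elapsed, kb))
```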










