F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
153
Table 10 Configuration items in custom mode
Item Descri
p
tion
Proposal Name
Enter a name for the IPsec proposal.
Encapsulation
Mode
Select an IP packet encapsulation mode for the IPsec proposal. Options include:
• Tunnel—Uses the tunnel mode.
• Transport—Uses the transport mode.
Security Protocol
Select a security protocol setting for the proposal. Options include:
• AH—Uses the AH protocol.
• ESP—Uses the ESP protocol.
• AH-ESP—Uses ESP first and then AH.
AH Authentication
Algorithm
Select an authentication algorithm for AH when the security protocol setting is AH or
AH-ESP.
Available authentication algorithms include MD5 and SHA1.
ESP Authentication
Algorithm
Select an authentication algorithm for ESP when the security protocol setting is ESP or
AH-ESP.
You can select MD5 or SHA1, or leave it null so the ESP performs no authentication.
IMPORTANT:
The ESP authentication algorithm and ESP encryption algorithm cannot be both null.
ESP Encryption
Algorithm
Select an encryption algorithm for ESP when the security protocol is ESP or AH-ESP.
Options include:
• DES—Uses the DES algorithm and 56-bit keys for encryption.
• 3DES—Uses the 3DES algorithm and 168-bit keys for encryption.
• AES128—Uses the AES algorithm and 128-bit keys for encryption.
• AES192—Uses the AES algorithm and 192-bit keys for encryption.
• AES256—Uses the AES algorithm and 256-bit keys for encryption.
• Leave it null so the ESP performs no encryption.
IMPORTANT:
• Higher security means increased complexity and decreased speed. DES is sufficient
for general security requirements. Use 3DES if you require high confidentiality and
security.
• The ESP authentication and encryption algorithms cannot be both null.
200BConfiguring an IPsec policy template
1. Select VPN > IPSec > Policy-Template from the navigation tree to enter IPsec policy template
management page.