R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
122
Figure 84 Adding an IKE proposal
3. Configure an IKE proposal as described in Table 6.
4. Click Apply.
Table 6 Configuration items
Item Descri
p
tion
IKE Proposal
Number
Enter the IKE proposal number.
The number also stands for the priority of the IKE proposal, with a smaller value meaning
a higher priority. During IKE negotiation, the system matches IKE proposals in order of
proposal number, starting from the smallest one.
Authentication
Method
Select the authentication method to be used by the IKE proposal. Options include:
• Preshared Key—Uses the pre-shared key method.
• RSA Signature—Uses the RSA digital signature method.
Authentication
Algorithm
Select the authentication algorithm to be used by the IKE proposal. Options include:
• SHA1—Uses HMAC-SHA1.
• MD5—Uses HMAC-MD5. This algorithm is not available for the FIPS mode.
Encryption
Algorithm
Select the encryption algorithm to be used by the IKE proposal. Options include:
• DES-CBC—Uses the DES algorithm in CBC mode and 56-bit keys for encryption. This
algorithm is not available for the FIPS mode.
• 3DES-CBC—Uses the 3DES algorithm in CBC mode and 168-bit keys for encryption.
This algorithm is not available for the FIPS mode.
• AES-128—Uses the AES algorithm in CBC mode and 128-bit keys for encryption. It is
the default encryption algorithm in FIPS mode.
• AES-192—Uses the AES algorithm in CBC mode and 192-bit keys for encryption.
• AES-256—Uses the AES algorithm in CBC mode and 256-bit keys for encryption.