TMS zl Management and Configuration Guide ST.1.0.090213
7-35
Virtual Private Networks
IPsec VPNs
b. For Authentication Method, select one of the following:
– Preshared Key
– DSA Signature
– RSA Signature
If you want to use SCEP to install certificates, select RSA Signature
rather than DSA Signature.
If you select DSA Signature or RSA Signature, you can go directly to
step 11. (After you finish the IKEv1 policy, you must install certificates
as described in “Install Certificates for IKE” on page 7-37.)
c. If you selected Preshared Key, type a string of 12 to 49 alphanumeric
or special characters in the Preshared Key box. Type the same string
in the Confirm Preshared Key box.
The string (which is case-sensitive) must match the string that is
configured on the remote endpoints.
11. Under Security Parameters Proposal, configure the security settings
proposed by the TMS zl Module for the IKE SA (the IKE policy on remote
endpoints must match):
a. For Diffie-Hellman (DH) Group, select the group for the Diffie-Hellman
key exchange:
– Group 1 (768)
– Group 2 (1024)
– Group 5 (1536)
The group determines the length of the prime number used during the
exchange. The larger the number, the more secure the key generated
by the exchange.
b. For Encryption Algorithm, select one of these algorithms, listed from
least secure (and least processor-intensive) to most:
– DES
– AES-128 (16)
– 3DES
– AES-192 (24)
– AES-256 (32)
The number in parentheses after AES options indicates the key length
for the algorithm in bytes.
c. For Authentication Algorithm, select one of these algorithms, listed from
least secure (and least processor-intensive) to most:
– MD5
– SHA-1
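The preshared key and Security Parameters Proposal settings above must match on both endpoints, which can be checked before deployment. The following Python script is an added example, not part of this guide or the TMS zl software; the field names, the sample policies, and the exact set of characters accepted in a preshared key are assumptions.

```python
import hmac
import string

# Option lists as given on this page, in the page's order (least to most secure).
DH_GROUPS = ["Group 1 (768)", "Group 2 (1024)", "Group 5 (1536)"]
ENCRYPTION = ["DES", "AES-128", "3DES", "AES-192", "AES-256"]
AUTH_ALGS = ["MD5", "SHA-1"]
AUTH_METHODS = ["Preshared Key", "DSA Signature", "RSA Signature"]
# Assumption: "alphanumeric or special characters" means printable ASCII without spaces.
PSK_CHARS = set(string.ascii_letters + string.digits + string.punctuation)

def check_policy(p):
    """Return a list of problems with one endpoint's IKEv1 settings."""
    problems = []
    for field, allowed in (("auth_method", AUTH_METHODS), ("dh_group", DH_GROUPS),
                           ("encryption", ENCRYPTION), ("auth_alg", AUTH_ALGS)):
        if p.get(field) not in allowed:
            problems.append(f"{field}: {p.get(field)!r} is not an option on this page")
    if p.get("auth_method") == "Preshared Key":
        psk = p.get("psk", "")
        if not 12 <= len(psk) <= 49:
            problems.append("psk: length must be 12 to 49 characters")
        if not set(psk) <= PSK_CHARS:
            problems.append("psk: contains characters outside the assumed set")
    return problems

def compare_endpoints(local, remote):
    """Return the fields on which the two endpoints would fail to match."""
    mismatches = [f for f in ("auth_method", "dh_group", "encryption", "auth_alg")
                  if local.get(f) != remote.get(f)]
    if local.get("auth_method") == remote.get("auth_method") == "Preshared Key":
        # Case-sensitive, constant-time comparison; the key itself is never printed.
        if not hmac.compare_digest(local.get("psk", "").encode(),
                                   remote.get("psk", "").encode()):
            mismatches.append("psk")
    return mismatches

# Constructed sample policies (not from the guide).
LOCAL = {"auth_method": "Preshared Key", "psk": "Example-Key-0001",
         "dh_group": "Group 5 (1536)", "encryption": "AES-256", "auth_alg": "SHA-1"}
REMOTE = {"auth_method": "Preshared Key", "psk": "example-key-0001",
          "dh_group": "Group 2 (1024)", "encryption": "AES-256", "auth_alg": "SHA-1"}

if __name__ == "__main__":
    print(check_policy(LOCAL), check_policy(REMOTE))
    print(compare_endpoints(LOCAL, REMOTE))
```

The sample pair differs in DH group and in the case of one preshared key character, so both fields are reported as mismatches.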