User manual

Virtual Private Networking

210

• Authentication Key field is the ESP Authentication Key. However, this applies to

the remote party. It must be of the form 0xhex, where hex is one or more

hexadecimal digits. The hex part must be exactly 32 characters long when using

MD5 or 40 characters long when using SHA1 (excluding any underscore

characters). It must use the same hash as the SG unit's authentication key. This

field appears when Manual Keying has been selected.

• Encryption Key field is the ESP Encryption Key. However, this applies to the

remote party. It must be of the form 0xhex, where hex is one or more

hexadecimal digits. The hex part must be exactly 16 characters long when using

DES or 48 characters long when using 3DES (excluding any underscore

characters). It must use the same cipher as the SG unit's encryption key. This

field appears when Manual Keying has been selected.

• Remote Network is the network behind the remote party. This field appears

when Manual Keying has been selected.

Phase 1 settings

Set the length of time before Phase 1 is renegotiated in the Key lifetime (s) field. The

length may vary between 60 and 86400 minutes. Shorter values offer higher security at

the expense of the computational overhead required to calculate new keys. For most

applications 3600 seconds is recommended. In this example, leave the Key Lifetime as

the default value of 3600 seconds.

A new Phase 1 key can be renegotiated before the current one expires. The time for

when this new key is negotiated before the current key expires can be set in the

Rekeymargin (s) field. In this example, leave the Rekeymargin as the default value of

600 seconds.