Manualshelf

User manual

ManualsBrandsSecure Computing ManualsComputer equipmentSG550
221222223224225226227228229230
Virtual Private Networking
218
Phase 1 Hashes Loaded lists the authentication hashes that tunnels can be configured
with for Phase 1 negotiations. This includes MD5 and SHA.
Diffie Hellman Groups Loaded lists the Diffie Hellman groups and Oakley group
extensions that can be configured for both Phase 1 and Phase 2 negotiations.
Connection Details lists an overview of the tunnel's configuration. It contains the
following information:
An outline of the tunnel's network setup. In this example, it is
192.168.2.0/24===209.0.0.2(branch@office)...209.0.0.1===192.168.1.0/24
Phase 1 and Phase 2 key lifetimes (ike_life and ipsec_life respectively). In this
example, they are both 3600s.
Type of automatic (IKE) keying. In this example, the policy line displays
AGGRESSIVE. For Main mode, it displays MAIN.
Type of authentication used. In this example, the policy line displays PSK
(Preshared Key). For RSA Digital Signatures or x.509 certificates, it displays
RSA.
Whether Perfect Forward Secrecy is used. In this example, the policy line has
the PFS keyword. If PFS is disabled, the keyword does not appear.
Whether IP Payload Compression is used. In this example, the policy line does
not have the COMPRESS keyword since it has not been enabled.
The interface on which the tunnel is going out. In this example, the interface line
has eth1, which is the Internet interface.
The current Phase 1 key. This is the number that corresponds to the newest
ISAKMP SA field. In this example, phase 1 has not be successfully negotiated,
so there is no key yet.
The current Phase 2 key. This is the number that corresponds to the newest
IPSec SA field. In this example, phase 1 has not be successfully negotiated, so
there is no key yet.
The Phase 1 proposal wanted. The line IKE algorithms wanted reads 5_000-2-
2. The 5_000 refers to cipher 3DES (where 3DES has an id of 5, see Phase 1
Ciphers Loaded), the first 2 refer to hash SHA (where SHA has an id of 2, see
Phase 1 Hashes Loaded) and the second 2 refer to the Diffie Hellman Group 2
(where Diffie Hellman Group 2 has an id of 2).