A31003-H3580-M103-2-76A9, 01-2009
HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
For internal use only
Security
● Suggested Hash Algorithms: Select which hash algorithms may be used (you can choose between MD5 and SHA1). The selected algorithms are offered by the party that initiates the IKE negotiation; the responder then selects the algorithm that is actually used.
● Suggested Lifetime of the Session Keys: Enter the validity period that is accepted for the session keys. When this period expires, no more data is exchanged within this session. New session keys are automatically negotiated to replace the expired ones.
● Suggested Lifetime of the Key Exchange Session: Enter the validity period that is accepted for the key exchange session. Once the key exchange session has expired, new keys are automatically negotiated for it using the IKE protocol.
● Suggested Data Volume of the Session Keys: Enter the maximum data volume for the session keys. If this volume is exceeded, new session keys are automatically negotiated using the IKE protocol. The data volume is not limited when "unlimited" is selected.
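The following Python model illustrates the negotiation and rekeying rules described in the fields above: the initiator offers its lists, the responder selects from them, and the session keys are replaced when either the lifetime or the data volume limit is reached ("unlimited" is modelled as `None`). It is an added example, not HG 1500 code; the class and function names (`IkeProposal`, `negotiate`, `SessionKeys`) and the sample values are assumptions of this example.

```python
"""Model of IKE proposal selection and session-key rekeying (added example,
not HG 1500 code; all names and values here are constructed)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class IkeProposal:
    """What one peer is willing to use. Lists are in order of preference."""
    hash_algorithms: list[str]        # e.g. ["SHA1", "MD5"]; MD5 is obsolete, list it last or not at all
    dh_groups: list[int]              # Diffie-Hellman group numbers, e.g. [14, 5, 2]
    key_lifetime_s: int               # session key lifetime in seconds
    ike_lifetime_s: int               # key exchange session lifetime in seconds
    data_volume_bytes: Optional[int]  # None means "unlimited"
    pfs: bool                         # Perfect Forward Secrecy on/off


def negotiate(initiator: IkeProposal, responder: IkeProposal) -> dict:
    """The initiator offers its lists; the responder selects.

    The responder walks its own preference order and takes the first entry the
    initiator also offered, so only offer what you are prepared to accept.
    Lifetimes and data volumes settle on the stricter (smaller) of the two sides.
    """
    def pick(offered, own):
        for candidate in own:
            if candidate in offered:
                return candidate
        raise ValueError(f"no common choice between {offered} and {own}")

    if initiator.pfs != responder.pfs:
        raise ValueError("PFS must be enabled on both peers or on neither")

    volumes = [v for v in (initiator.data_volume_bytes, responder.data_volume_bytes)
               if v is not None]
    return {
        "hash": pick(initiator.hash_algorithms, responder.hash_algorithms),
        "dh_group": pick(initiator.dh_groups, responder.dh_groups),
        "key_lifetime_s": min(initiator.key_lifetime_s, responder.key_lifetime_s),
        "ike_lifetime_s": min(initiator.ike_lifetime_s, responder.ike_lifetime_s),
        "data_volume_bytes": min(volumes) if volumes else None,  # None == unlimited
        "pfs": initiator.pfs,
    }


@dataclass
class SessionKeys:
    """One set of negotiated session keys tracked against its limits."""
    established_at: float             # seconds, e.g. time.monotonic() at setup
    lifetime_s: int
    data_volume_bytes: Optional[int]  # None == unlimited
    bytes_sent: int = 0

    def record_traffic(self, n: int) -> None:
        self.bytes_sent += n

    def rekey_reason(self, now: float) -> Optional[str]:
        """Why new keys must be negotiated now, or None while these are still valid."""
        if now - self.established_at >= self.lifetime_s:
            return "lifetime expired"
        if self.data_volume_bytes is not None and self.bytes_sent >= self.data_volume_bytes:
            return "data volume exceeded"
        return None


if __name__ == "__main__":
    # Constructed sample: the responder prefers SHA1, so SHA1 wins even though
    # the initiator listed MD5 first.
    init = IkeProposal(["MD5", "SHA1"], [14, 2], 3600, 86400, 100_000_000, True)
    resp = IkeProposal(["SHA1"], [14], 1800, 28800, None, True)
    print(negotiate(init, resp))
```

Running the module prints the negotiated parameters for the constructed pair of proposals; note that the responder's preference order, not the initiator's, decides among the algorithms both sides offered.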
Click the Key Exchange Data option at the top of the input form.
You can enter data in the following fields for automatic key exchange:
● Activate Perfect Forward Secrecy: If you activate this option, the "Perfect Forward Secrecy" function is enabled, so that each new set of session keys is derived from a fresh Diffie-Hellman exchange rather than from the key exchange session's keying material. This option should always be selected, as it improves the security of the data transferred via the tunnel.
● VPN Peer Authentication Method: Select the authentication method to be used for VPN subscribers. You can choose between Digital Signatures (authentication using certificates) and Pre-Shared Keys (authentication using self-defined manual keys).
● Pre-Shared Key: This field is only available if the authentication method is set to Pre-Shared Keys. Enter a password here; it must be used by the VPN subscribers at both endpoints of the tunnel. At least 12 characters should be used.
● Reenter Pre-Shared Key: This field is only available if the authentication method is set to Pre-Shared Keys. Repeat the password specified above to make sure there are no typing errors.
● List of CA Certificates: These options are only available if the authentication method is set to Digital Signatures. For authentication, VPN subscribers can use any certificate that has been issued (signed) by one of the selected CA certificates.
● Suggested Diffie-Hellman Groups: VPN subscribers can exchange keys using any of the selected groups.
You can enter data in the following fields for manual key exchange:
● Security Parameter Index: Enter a unique identifier for this key information. Any number within the range 0 to 4294967295 can be selected. The number should be as high as possible (a high nine-digit or ten-digit number is recommended).
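The following Python helpers apply the rules stated for the Pre-Shared Key fields (at least 12 characters, identical at both endpoints and in both input fields) and for the Security Parameter Index (within 0 to 4294967295, unique, and preferably a high nine- or ten-digit number), and generate compliant values from the operating system's CSPRNG. This is an added example, not HG 1500 code; the function names, the recommended-minimum constant and the small list of weak keys are assumptions of this example.

```python
"""Checks and generators for the Pre-Shared Key and SPI fields (added example,
not HG 1500 code; names, thresholds and the weak-key list are constructed)."""
from __future__ import annotations

import secrets

SPI_MAX = 4_294_967_295            # upper bound of the input field (32-bit)
SPI_RECOMMENDED_MIN = 100_000_000  # assumption: "high nine-digit or ten-digit number"
PSK_MIN_LEN = 12                   # minimum length stated for the Pre-Shared Key

# Constructed list of values that must never be accepted as a tunnel key.
WEAK_PSKS = {"password", "changeme", "123456789012", "presharedkey"}


def check_pre_shared_key(psk: str, reentered: str) -> list[str]:
    """Return the problems with the entered key; an empty list means it is acceptable."""
    problems = []
    if psk != reentered:
        problems.append("entries do not match")
    if len(psk) < PSK_MIN_LEN:
        problems.append(f"shorter than {PSK_MIN_LEN} characters")
    if psk.lower() in WEAK_PSKS:
        problems.append("well-known weak value")
    if len(set(psk)) < 4:  # e.g. "aaaaaaaaaaaa" satisfies the length rule but is guessable
        problems.append("too few distinct characters")
    return problems


def generate_pre_shared_key(nbytes: int = 24) -> str:
    """Random key to enter at both endpoints; 24 random bytes give 32 URL-safe characters."""
    return secrets.token_urlsafe(nbytes)


def check_spi(spi: int, in_use: set[int]) -> list[str]:
    """Return the problems with an SPI entered for manual key exchange."""
    problems = []
    if not 0 <= spi <= SPI_MAX:
        problems.append("outside the range 0 to 4294967295")
    elif spi < SPI_RECOMMENDED_MIN:
        problems.append("lower than the recommended nine-/ten-digit range")
    if spi in in_use:
        problems.append("already used by another security association")
    return problems


def generate_spi(in_use: set[int]) -> int:
    """Random SPI in the recommended range that is not already in use."""
    span = SPI_MAX - SPI_RECOMMENDED_MIN + 1
    while True:
        spi = SPI_RECOMMENDED_MIN + secrets.randbelow(span)
        if spi not in in_use:
            return spi


if __name__ == "__main__":
    key = generate_pre_shared_key()
    print("PSK:", key, check_pre_shared_key(key, key))
    existing = {1_234_567_890}  # constructed: SPI already assigned to another tunnel
    spi = generate_spi(existing)
    print("SPI:", spi, check_spi(spi, existing))
```

The key generator produces a value that is then pasted into both the Pre-Shared Key and Reenter Pre-Shared Key fields and configured identically on the peer; the SPI helper keeps manually configured tunnels from colliding on the same index.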