Configure the IKEv1 settings necessary for generation of common keys used in IPsec communication.
Setting item | Description | |
---|---|---|
[Encryption Algorithm] | [DES-CBC] | Select the encryption algorithm used to generate the common key for IPsec communication. Key length* is set when [AES-CBC] is selected. *: Value that indicates the size of data (encryption key) used in encryption and decoding |
[3DES-CBC] | ||
[AES-CBC] | ||
[Authentication Algorithm] | [SHA-1] | Select the authentication algorithm*1 used to generate the common key for IPsec communication. Sets the hash value*2 when [SHA-2] is selected. *1: Hash function *2: Value generated from source data (return value of the hash function) |
[SHA-2] | ||
[Diffie-Hellman Group] | Diffie-Hellman Group selection key | Set Diffie-Hellman Group used to generate the common key required for communication. Multiple items cannot be selected. Diffie-Hellman: Method of handing over common key used in common key encryption method. |
[Key Validity Period] | Set the expiration time of the common key used in IPsec communication. After the expiration time, a new key is automatically generated, thereby, enabling you to maintain security. Press Control panel - C to allow input. Range: 600 sec. to 604800 sec. | |
[Negotiation Mode] | [Main Mode] | Select [Main Mode] as a secure way to generate a common key used to encrypt communications. The computer IP address of connection destination is used as ID and common key is assigned. IPsec connection destination IP address is used as authentication information, so authentication is not possible if both of them are not fixed IP addresses. |
[Aggressive Mode] | Select [Aggressive Mode] as a secure way to generate a common key used to encrypt communications. A common key is assigned to an original ID set by the operator, such as a user ID. Sets [Aggressive Mode] when using dynamic IP* because IPsec connection destination IP address is not used as authentication information. *: The IP address assigned to the computer each time it is connected to the network |
Set the key length when [AES-CBC] is selected.
The setting screen is displayed.
Set the hash value when [SHA-2] is selected.
The setting screen is displayed.