Configure the IKEv1 settings necessary for generation of common keys used in IPsec SA communication.
Setting item | Description | |
---|---|---|
[General Settings] | [Pre-Shared Key] | Select the IKEv1 authentication method used for IPsec SA. |
[Digital Signature] | ||
[ESN]*1 | [Enable] | Enables the ESN used for IPsec SA. Transfers a large volume of data at high speed, which minimizes the burden on the system. |
[Invalid] | Disables the ESN used for IPsec SA. | |
[Repley Detection] | [Enable] | Enables Replay Detection used in IPsec SA. Detects replay attacks and increases the security level. |
[Invalid] | Disables Replay Detection used in IPsec SA. | |
[ESP Encryption Algorithm]*2 | [AES-CBC] | Select the encryption algorithm to be used for ESP encryption. Set key length* when any of the following is selected.
*: Value that indicates the size of data (encryption key) used in encryption and decoding |
[3DES-CBC] | ||
[NULL] | ||
[AES-CTR] | ||
[AES-GCM-64] | ||
[AES-GCM] | ||
[ESP Authentication Algorithm]*2 | [SHA-1] | Set the authentication algorithm*1 used for ESP authentication. Set the length of the hash value*2 when [SHA-2] is selected. *1: Hash function *2: Value generated from source data (return value of the hash function) |
[SHA-2] | ||
[AES-XCBC] | ||
[AH Authentication Algorithm]*3 | [SHA-1] | Set the authentication algorithm*1 used for AH authentication. Set the length of the hash value*2 when [SHA-2] is selected. *1: Hash function *2: Value generated from source data (return value of the hash function) |
[SHA-2] | ||
[AES-XCBC] | ||
[Perfect Forward Secrecy] | [ON] | Uses Perfect Forward Secrecy in IPsec SA. The IKE strength increases. |
[OFF] | Does not use Perfect Forward Secrecy in IPsec SA. | |
[Diffie-Hellman Group]*4 | Diffie-Hellman Group group selection key | Selects one group number of Diffie-Hellman Group used in IPsec SA. Diffie-Hellman: Method of handing over common key used in common key encryption method. |
[OFF] | Does not use Diffie-Hellman Group. |
*1 to *4: The following settings are required to use this function.
*1: Set [Repley Detection] to [Enable].
*2: Set [Security Protocol] to [ESP].
*3: Set [Security Protocol] to [AH].
*4: Set [Perfect Forward Secrecy] to [ON].
When [AES-CBC], [AES-CTR], [AES-GCM-64], or [AES-GCM] is selected, set the AES key length.
The setting screen is displayed.
Set the length of the hash value when [SHA-2] is selected.
The setting screen is displayed.
Set the length of the hash value when [SHA-2] is selected.
The setting screen is displayed.