Configure the IKEv2 settings necessary for generation of common keys used in IPsec SA communication.
Setting item | | Description |
---|---|---|
[Local Authentication Method] | [Pre-Shared Key] | Sets the IKEv2 local authentication method used for IPsec SA. |
 | [Digital Signature] | |
[ESN] | [Enable] | Enables the ESN used for IPsec SA. Transfers a large volume of data at high speed, which minimizes the burden on the system. |
 | [Invalid] | Disables the ESN used for IPsec SA. |
[Replay Detection] | [Enable] | Enables Replay Detection used in IPsec SA. Detects replay attacks and increases the security level. |
 | [Invalid] | Disables Replay Detection used in IPsec SA. |
[Peer Authentication Method] | [Pre-Shared Key] | Set the authentication method of the other party to communicate with using IKE. |
 | [Digital Signature] | |
 | [Pre-Shared Key/Digital Signature] | |
[ESP Encryption Algorithm]*1 | [AES-CBC] | Set the encryption algorithm used for ESP encryption. Set the key length* when any of the following is selected. *: Value that indicates the size of the data (encryption key) used in encryption and decryption |
 | [3DES-CBC] | |
 | [NULL] | |
 | [AES-CTR] | |
 | [AES-GCM-64] | |
 | [AES-GCM] | |
 | [ENC-NULL-AES-GMAC] | |
[ESP Authentication Algorithm] | [SHA-1] | Set the authentication algorithm*1 used for ESP authentication. Set the length of the hash value*2 when [SHA-2] is selected. For details, refer to Setting Procedure (Setting [ESP Authentication Algorithm]). *1: Hash function *2: Value generated from source data (return value of the hash function) |
 | [SHA-2] | |
 | [AES-XCBC] | |
[AH Authentication Algorithm]*2 | [SHA-1] | Set the authentication algorithm*1 used for AH authentication. Set the length of the hash value*2 when [SHA-2] is selected. For details, refer to Setting Procedure (Setting [AH Authentication Algorithm]). *1: Hash function *2: Value generated from source data (return value of the hash function) |
 | [SHA-2] | |
 | [AES-XCBC] | |
[Perfect Forward Secrecy] | [ON] | Uses Perfect Forward Secrecy in IPsec SA. The IKE strength increases. |
 | [OFF] | Does not use Perfect Forward Secrecy in IPsec SA. |
[Diffie-Hellman Group]*3 | [Priority 1] to [Priority 4] | Set the Diffie-Hellman Group used to generate the common key required for communication, for each priority order. Diffie-Hellman: Method of handing over the common key used in the common key encryption method. |
 | [OFF] | Does not use Diffie-Hellman Group. |
*1 to *3: The following settings are required to use this function.
*1: Set [Security Protocol] to [ESP].
*2: Set [Security Protocol] to [AH].
*3: Set [Perfect Forward Secrecy] to [ON].
When [AES-CBC], [AES-CTR], [AES-GCM-64], [AES-GCM], or [ENC-NULL-AES-GMAC] is selected, set the AES key length.
The setting screen is displayed.
If you select [OFF], Diffie-Hellman Group is not set.
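The dependency notes above (*1 to *3, the AES key length and the [SHA-2] hash length) can be checked against a planned profile before it is entered on the device. The following is an added example, not part of the original manual: the dictionary keys and the sample profiles are hypothetical and constructed, the values are the bracketed labels from the table, and the notes are applied literally.

```python
# Added example. Dictionary keys are hypothetical; values are the bracketed
# labels from the settings table.
AES_BASED = {"AES-CBC", "AES-CTR", "AES-GCM-64", "AES-GCM", "ENC-NULL-AES-GMAC"}
NO_ENCRYPTION = {"NULL", "ENC-NULL-AES-GMAC"}  # ESP payload is not encrypted

def check_profile(p):
    """Return (errors, warnings) for a planned IKEv2 settings profile."""
    errors, warnings = [], []
    proto = p.get("security_protocol")

    # *1 / *2: ESP and AH items need the matching [Security Protocol].
    for prefix, needed in (("esp_", "ESP"), ("ah_", "AH")):
        used = [k for k in p if k.startswith(prefix)]
        if used and proto != needed:
            errors.append(f"{used} require [Security Protocol] = [{needed}]")

    enc = p.get("esp_encryption")
    if enc in AES_BASED and not p.get("aes_key_length"):
        errors.append(f"[{enc}] selected but AES key length not set")
    if enc in NO_ENCRYPTION:
        warnings.append(f"[{enc}] provides no ESP confidentiality")

    # [SHA-2] needs a hash length for both ESP and AH authentication.
    for kind in ("esp", "ah"):
        if p.get(f"{kind}_authentication") == "SHA-2" and not p.get(f"{kind}_hash_length"):
            errors.append(f"{kind.upper()} [SHA-2] selected but hash length not set")

    # *3: Diffie-Hellman Group priorities need [Perfect Forward Secrecy] = [ON].
    if p.get("dh_groups") and p.get("pfs") != "ON":
        errors.append("[Diffie-Hellman Group] requires [Perfect Forward Secrecy] = [ON]")
    if p.get("pfs") != "ON":
        warnings.append("[Perfect Forward Secrecy] is [OFF]")
    if p.get("replay_detection") != "Enable":
        warnings.append("[Replay Detection] is not [Enable]")
    return errors, warnings

# Constructed sample profiles (not taken from any device).
GOOD = {"security_protocol": "ESP", "esp_encryption": "AES-CBC", "aes_key_length": 256,
        "esp_authentication": "SHA-2", "esp_hash_length": 256,
        "pfs": "ON", "dh_groups": [14], "replay_detection": "Enable"}
BAD = {"security_protocol": "AH", "esp_encryption": "AES-CBC",
       "ah_authentication": "SHA-2", "pfs": "OFF", "dh_groups": [2],
       "replay_detection": "Invalid"}

if __name__ == "__main__":
    for name, prof in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_profile(prof))
```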