Digi X2 Network Router User Manual


 
Configure Digi devices
VPN tunnel proposal configuration for ISAKMP tunnels
The Proposal Configuration settings define the security policies for ISAKMP
tunnels: the set of encryption and authentication algorithms applied to
incoming and outgoing traffic over the VPN tunnel. A security policy can have
multiple proposals, which lets it support multiple types of communications. For
example, a security policy can have one proposal that allows older VPN devices
to connect using less-secure methods, and a second (or more) proposal that
allows newer, more powerful endpoints to use more secure methods. For two
devices to communicate with each other, they must have a matching proposal.
VPN tunnel proposal configuration settings include:
Encryption: The encryption algorithm used for encrypting data:
    DES: Uses 64-bit keys.
    3-DES: Uses 192-bit keys.
    AES: Uses 128-bit, 192-bit, or 256-bit keys, depending on the negotiated
    security settings.
Authentication: The authentication algorithm used for authenticating clients:
    MD5: Uses 128-bit keys.
    SHA1: Uses 160-bit keys.
SA Lifetime: The Security Association (SA) lifetime determines how long, in
seconds, an SA policy is active. The SA lifetime begins after the SA has been
negotiated. Once the lifetime has expired, a new set of SA policies is
negotiated with the remote VPN endpoint.
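
The proposal-matching rule described above, as an added example in Python (not code from the Digi manual or firmware): it models each proposal as encryption, key size and authentication, finds the proposal two peers would share, and reports when a retained legacy proposal leaves DES or MD5 negotiable. The class and function names, the first-match selection rule, the weak-algorithm sets and the sample policies are assumptions of this example; SA lifetime is left out of the match.

```python
from dataclasses import dataclass

# Algorithms this example treats as weak (an assumption of the example;
# the manual only says older devices may use "less-secure methods").
WEAK_ENCRYPTION = {"DES"}
WEAK_AUTHENTICATION = {"MD5"}


@dataclass(frozen=True)
class Proposal:
    encryption: str      # "DES", "3-DES" or "AES"
    key_bits: int        # key size as listed in the manual
    authentication: str  # "MD5" or "SHA1"

    def is_weak(self) -> bool:
        return (self.encryption in WEAK_ENCRYPTION
                or self.authentication in WEAK_AUTHENTICATION)


def negotiate(initiator, responder):
    """Return the first initiator proposal the responder also lists, or None.

    Assumption: the responder accepts the initiator's first acceptable
    proposal; real implementations may apply their own preference order.
    """
    allowed = set(responder)
    return next((p for p in initiator if p in allowed), None)


def audit(initiator, responder):
    """Report the negotiated proposal and any weak proposal both sides list."""
    allowed = set(responder)
    chosen = negotiate(initiator, responder)
    return {
        "chosen": chosen,
        "chosen_is_weak": bool(chosen and chosen.is_weak()),
        # A weak proposal listed by both sides stays negotiable even when
        # a stronger proposal is listed first.
        "weak_shared": [p for p in initiator if p in allowed and p.is_weak()],
    }


# Constructed sample policies, not taken from any real device.
LEGACY = Proposal("DES", 64, "MD5")
MODERN = Proposal("AES", 256, "SHA1")
ROUTER_POLICY = [MODERN, LEGACY]  # strong first, legacy fallback
OLD_PEER_POLICY = [LEGACY]
NEW_PEER_POLICY = [MODERN]
NO_MATCH_POLICY = [Proposal("3-DES", 192, "SHA1")]
```

A non-empty `weak_shared` list means the policy is only as strong as its legacy proposal for any peer that matches it; removing that proposal once older devices are retired closes the gap.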