D-Link DFL-500 Network Card User Manual


 
Aggressive mode with no user group

| Field | Server | Clients |
|---|---|---|
| User Group | None | N/A |
| Mode | Aggressive | Aggressive |
| Authentication Key | The server and the clients must have the same authentication key. | Same key as the server |
| Local ID | empty | empty |

Aggressive mode with a user group selected
In this configuration, the server and the clients use aggressive mode for key exchange. A user group is
selected in the server dialup remote gateway. The format of the authentication key depends on the
information in the Local ID field.

Aggressive mode with a user group selected

| Field | Server | Client configuration 1 | Client configuration 2 | Client configuration 3 |
|---|---|---|---|---|
| User Group | Select a user group | N/A | N/A | N/A |
| Mode | Aggressive | Aggressive | Aggressive | Aggressive |
| Authentication Key | Server authentication key | Server authentication key | Server authentication key | Client's password. This password must be added to the server user database. |
| Local ID | empty | Client IP address | Client domain name | Other information in a different format. |

About DH groups
The Diffie-Hellman (DH) algorithm creates a shared secret key that can be created at both ends of the VPN
tunnel without communicating the key across the Internet.
You can select from DH group 1, 2, and 5. DH group 5 produces the most secure shared secret key and DH
group 1 produces the least secure key. However, DH group 1 is faster than DH group 5.
About the P1 proposal
AutoIKE key IPSec VPNs use a two-phase process for creating a VPN tunnel. During the first phase (P1), the
VPN gateways at each end of the tunnel negotiate to select a common algorithm for encryption and another
one for authentication. When you configure the remote gateway P1 proposal, you are selecting the algorithms
that the DFL-500 NPG proposes during phase 1 negotiation. You can select up to three different encryption
and authentication algorithm combinations. Choosing more combinations might make P1 negotiation
easier, but you can restrict the choice to one if required. For negotiation to be successful, both ends of
the VPN tunnel must have at least one encryption algorithm and one authentication algorithm in common.
Select DES to propose to encrypt packets using DES encryption.
Select 3DES to propose to encrypt packets using triple-DES encryption.
Select MD5 to propose to use MD5 authentication.
Select SHA1 to propose to use SHA1 authentication.
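
The following is an added example, not part of the DFL-500 manual or its firmware: it models P1 proposal matching between two gateways using only the options named above, and lists the weaker options a gateway still offers. The gateway dictionaries, function names, and matching rules (whole-pair matching, same DH group on both ends, first initiator combination wins) are assumptions based on standard IKE behaviour.

```python
ENCRYPTION = {"DES", "3DES"}  # options named in the manual
AUTHENTICATION = {"MD5", "SHA1"}
DH_GROUPS = {1, 2, 5}
MAX_COMBINATIONS = 3  # "up to three" combinations per gateway

def validate(gateway):
    """Raise ValueError if a gateway uses options the manual does not list."""
    combos = gateway["combos"]
    if not 1 <= len(combos) <= MAX_COMBINATIONS:
        raise ValueError("select between one and three combinations")
    for enc, auth in combos:
        if enc not in ENCRYPTION or auth not in AUTHENTICATION:
            raise ValueError(f"unsupported combination {enc}-{auth}")
    if gateway["dh_group"] not in DH_GROUPS:
        raise ValueError(f"unsupported DH group {gateway['dh_group']}")

def negotiate(initiator, responder):
    """Return the (encryption, authentication) pair P1 settles on, or None."""
    validate(initiator)
    validate(responder)
    # Assumption (standard IKE behaviour, not stated in the manual):
    # both ends must be set to the same DH group.
    if initiator["dh_group"] != responder["dh_group"]:
        return None
    # Assumption: a combination matches only as a whole pair, and the first
    # initiator combination that the responder also lists is chosen.
    for combo in initiator["combos"]:
        if combo in responder["combos"]:
            return combo
    return None

def weak_choices(gateway):
    """List the weaker options a gateway still offers so they can be removed."""
    findings = []
    for enc, auth in gateway["combos"]:
        if enc == "DES":
            findings.append(f"{enc}-{auth}: DES has a 56-bit key, prefer 3DES")
        if auth == "MD5":
            findings.append(f"{enc}-{auth}: MD5 is weaker than SHA1")
    if gateway["dh_group"] != max(DH_GROUPS):
        findings.append(f"DH group {gateway['dh_group']}: group 5 is strongest")
    return findings

# Constructed sample configurations for two hypothetical gateways.
SERVER = {"dh_group": 5, "combos": [("3DES", "SHA1"), ("DES", "MD5")]}
CLIENT = {"dh_group": 5, "combos": [("DES", "MD5"), ("3DES", "SHA1")]}

if __name__ == "__main__":
    print(negotiate(CLIENT, SERVER))  # weakest shared pair wins on order
    print(weak_choices(CLIENT))
```

Restricting both gateways to a single 3DES and SHA1 combination removes the case where an extra combination added for compatibility becomes the one that is negotiated.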