Intel PRO/100 Computer Hardware User Manual


 
Intel® Packet Protect User’s Guide
56
the IKE settings in the other IPSec product. The following table describes the
pre-defined IKE settings for each computer that uses Packet Protect.
A computer that requests a protected communication proposes its list of IKE set-
tings to the computer with which it is trying to communicate. The IKE settings
are proposed in order of preference, but the responding computer can agree on
any of the proposed combinations. The responding computer must have one of
the combinations defined, or the communication is not allowed using IPSec.
NOTE:
The IKE settings used by Packet Protect cannot be customized. If you
require different settings for a communication with a computer that
uses a different IPSec product, change the IKE settings in the other
product to match one of the IKE setting combinations used by Packet
Protect (as noted in the above table).
Authentication Method
IKE requires that two computers use the same authentication method to verify
each other’s identity. Packet Protect supports the following:
Pre-shared keys — If using pre-shared keys, the two computers attempt-
ing to communicate must propose the same pre-shared key, otherwise they
cannot communicate using IPSec. If you change the pre-shared key for a
workgroup, remember that this changes the pre-shared key used for all
Table 7: Pre-Defined IKE Settings
Preferred
Order
Encryption Hashing
Diffie-
Hellman
1 DES (56-bit) MD5 768-Bit
2 DES (56-bit) SHA-1 768-Bit
3 3DES (168-bit)
Domestic version only
MD5 1024-Bit
4 3DES (168-bit)
Domestic version only
SHA-1 1024-Bit
Source computer
Proposes defined IKE
settings
Destination computer
Picks which IKE settings to use
from the source computer’s list