WAN Configuration 4-17
Setting Up Automatic Key Exchange
1. Select the Auto (IKE) Key Exchange radio button.
2. Click the Automatic Key Exchange button to set up this security
scheme and the following screen appears.
3. Forward secrecy is a key-establishment protocol that guarantees that
the discovery of a session key or a long-term private key will not
compromise the keys of any other sessions. Select Yes from the Use
Perfect Forward Secrecy menu to enable this option. Select No to
disable Perfect Forward Secrecy.
4. In the Security Association Life Time field, enter a value (in
minutes) that indicates how long the association will last before the
VPN client will need to reauthenticate .
5. Select the type of authentication from the AH Authentication menu. AH provides data authentication and anti-replay
services for the VPN tunnel.
6. Select the ESP Type from the menu.
7. If ESP or ESP with Authentication is enabled, select an Encryption Algorithm from the menu.
None Disables AH authentication and the rest of the fields in this area will not be active.
MD5 Enables the Message Digest 5 algorithm, which requires 128-bit (32-character hexadecimal)
authentication keys.
SHA1 Enables Secure Hash Algorithm 1, which requires 160-bit (40-character hexadecimal) keys.
None Disables ESP and the rest of the fields in this area will not be active.
ESP Enables Encapsulating Security Payload encryption for this tunnel.
ESP with
Authentication
Enables Encapsulating Security Payload encryption with authentication for this tunnel.
DES This options selects the DES encryption algorithm, which requires 64-bit (16-character hexadeci-
mal) keys.
3DES This option selects the 3DES encryption algorithm, which requires 192-bit (48-character hexadec-
imal) keys. When creating keys for 3DES, the first 8 bytes cannot equal the second 8 bytes, and
the second 8 bytes cannot equal the third 8 bytes.
AES 128-bit This options selects the Advanced Encryption Standard algorithm in use with 128-bit (32-charac-
ter hexadecimal) keys.
AES 192-bit This options selects the Advanced Encryption Standard algorithm in use with 192-bit (48-charac-
ter hexadecimal) keys.
AES 256-bit This options selects the Advanced Encryption Standard algorithm in use with 256-bit (64-charac-
ter hexadecimal) keys.