Use this page to configure the settings for automatic exchange of the IPsec encryption key. The Default Settings are the IPsec settings for communicating with peers not specified on the Settings 1 to Settings 4 pages.
Select the address type used for IPsec communications. Selecting Inactive disables all the other settings on this page.
Select one of the following security levels for IPsec communications. You can specify a set of values at once simply by selecting the security level that you require. When you select a security level, its corresponding values are displayed in the Security Details area. Only PSK Text requires manual configuration. If you want to change the settings under Security Details manually, select User Settings in the Security Level list.
This level authenticates the destination peer and prevents packet tampering without applying packet encryption.
This level authenticates the destination peer and encrypts packets to protect them from tampering. This level is slightly more vulnerable to cryptanalysis than Authentication and High Level Encryption.
This level authenticates the destination peer and encrypts packets to protect them from tampering. This level is more resistant to cryptanalysis than Authentication and Low Level Encryption. However, processing speed is significantly reduced due to the complex calculations involved in encryption/decryption.
If you select User Settings, you can change the settings in the Security Details area manually.
Select an option to specify how to manage IPsec.
Select one of the following encapsulation modes:
This mode protects the payload of IP packets. Select this mode for communications between IPsec hosts.
This mode protects entire IP packets. Select this mode for communications between security gateways (VPN devices, for example).
Note
Select the tunnel address type that you require.
If you select Tunnel for Encapsulation Mode, you must also specify the IPsec coverage (i.e. the start and end of the tunnel end point).
Note
Specify how the machine responds when its IPsec settings do not match those of the destination peer. Select one of the following responses:
If the IPsec settings are inconsistent with the peer, communication is performed in clear text; at all other times, communication is protected by IPsec.
If the IPsec settings are inconsistent with the peer, communication is disabled; at all other times, communication is protected by IPsec.
Select the method of authenticating the destination peer. If you select PSK, you must enter a text string for PSK Text.
The current status of the PSK (Pre-Shared Key) is displayed. If the message Not Set is displayed, click Change, and then enter the PSK text string.
For details about the PSK Text pageSelect the hash algorithm type for Phase 1.
Select the encryption algorithm type for Phase 1.
Select the Diffie-Hellman Group type for Phase 1.
Specify how long the communication channel for Phase 1 remains valid. You can enter a value between 300 and 172800 (seconds).
Select the security protocol for Phase 2. If you select AH, the Encryption Algorithm Permissions option is unavailable.
Select the authentication algorithm type for Phase 2.
Select the encryption algorithm type for Phase 2. You can select one or more types.
Specify whether to enable or disable the PFS group for Phase 2. If you want to enable it, select a group type.
Specify how long the communication channel for Phase 2 remains valid. You can enter a value between 300 and 172800 (seconds).
Click to send the settings to the machine. To apply the settings, click OK on the IPsec page.
Click to cancel the settings.