Configuring Phase1 Proposal
This section describes how to configure a Phase1 proposal.
Creating a Phase1 Proposal
To create a P1 proposal, take the following steps:
- On the Navigation pane, click Configure > Network > IPSec VPN to visit the IPSec VPN page. Click the Phase1 Proposal tab.
- Click New. In the Phase1 Proposal Configuration dialog, configure options.
- Proposal name: Specifies or displays the name of the Phase1 proposal.
- Authentication: Specifies the IKE identity authentication method. IKE identity authentication is used to verify the identities of both communication parties. There are two methods for authenticating identity: pre-shared key and RSA signature. The default value is pre-shared key. For pre-shared key method, the key is used to generate a secret key and the keys of both parties must be the same so that it can generate the same secret keys.
- Hash: Specifies the authentication algorithm for Phase1. Select the algorithm you want to use.
MD5 - Uses MD5 as the authentication algorithm. Its hash value is 128-bit.
SHA-1 - Uses SHA-1 as the authentication algorithm. Its hash value is 160-bit. This is the default hash algorithm.
SHA-256 - Uses SHA-256 as the authentication algorithm. Its hash value is 256-bit.
SHA-384 - Uses SHA-384 as the authentication algorithm. Its hash value is 384-bit.
SHA-512 - Uses SHA-512 as the authentication algorithm. Its hash value is 512-bit.
- Encryption: Specifies the encryption algorithm for Phase1.
3DES - The key length is 192-bit. This is the default encryption algorithm.
DES - Uses DES as the encryption algorithm. The key length is 64-bit.
AES - Uses AES as the encryption algorithm. The key length is 128-bit.
AES-192 - Uses 192-bit AES as the encryption algorithm. The key length is 192-bit.
AES-256 - The key length is 256-bit.
- DH group: Specifies the DH group for Phase1 proposal.
Group1 - Uses Group1 as the DH group. The key length is 768-bit.
Group2 - Uses Group2 as the DH group. The key length is 1024-bit. Group2 is the default value.
Group5 - Uses Group5 as the DH group. The key length is 1536-bit.
- Lifetime: Specifies the lifetime of SA Phase1. The value range is 300 to 86400 seconds. The default value is 86400. Type the lifetime value into the Lifetime box. When the SA lifetime runs out, the device will send a SA P1 deleting message to its peer, notifying that the P1 SA has expired and it requires a new SA negotiation.
- Click OK to save the settings.
Editing a Phase1 Proposal
To edit the P1 proposal settings, take the following steps:
- On the Navigation pane, click Configure > Network > IPSec VPN to visit the IPSec VPN page. Click the Phase1 Proposal tab.
- Select the Phase1 proposal you want to edit from the list, and click Edit.
- In the Phase1 Proposal Configuration dialog, modify according to you need and click OK to save the changes.
Deleting a Phase1 Proposal
To delete a phase1 proposal, take the following steps:
- On the Navigation pane, click Configure > Network > IPSec VPN to visit the IPSec VPN page. Click the Phase1 Proposal tab.
- Select the Phase1 proposal you want to delete from the list, and then click Delete.