Panasonic bb-hgw700 User Manual

Operating Instructions
Notes
When the conversion mode is set to Aggressive, both IPsec devices must have the same DH group set.
When connecting an IPsec camera to the WAN side, the conversion mode must be set to Main.

Phase 1 Setup
Conversion Mode
Set the IKE phase 1 conversion (exchange) mode to Main or Aggressive. The key exchange procedure for Aggressive is simpler, but security is slightly reduced.
Life Time
Set the IKE SA lifetime. The time must be set between 5 minutes and 2400 hours.
Proposal Entry
Set whether to Enable or Disable this proposal. Proposals that are disabled will not be proposed.
Proposal Encryption
Set the method of encryption used in phase 1. Select an encryption method from DES, 3DES, AES (128 bit), AES (192 bit), and AES (256 bit).
Proposal Hash
Set the authentication algorithm (hash). Select from MD5 and SHA-1.
Proposal DH Group
Set the DH (Diffie-Hellman) group used in phase 1. Select between 1 and 2. DH group 2 has increased security compared to DH group 1, but group 1 is not weak.

Phase 2 Setup
Life Time
Set the IPsec SA lifetime. The time must be set between 5 minutes and 2400 hours.
PFS
Set whether to turn on PFS (Perfect Forward Secrecy) in phase 2. Select from Enable DH Group 2, Enable DH Group 1, and Disable. When Enable DH Group 2 is selected, the Diffie-Hellman exchange is re-performed in phase 2, and a shared secret key is created using DH Group 2. When Enable DH Group 1 is selected, the Diffie-Hellman exchange is re-performed in phase 2, and a shared secret key is created using DH Group 1. When Disable is selected, the shared secret key created in phase 1 is used in phase 2. Security is increased when PFS is enabled rather than disabled.
Proposal Entry
Set whether to Enable or Disable this proposal. Proposals that are set to Disable will not be proposed.
Proposal Encryption
Set the method of encryption. Select an encryption method from DES, 3DES, AES (128 bit), AES (192 bit), AES (256 bit), and NULL.
Proposal Hash
Set the authentication algorithm (hash). Select from MD5, SHA-1, and None (authentication algorithm not used).
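
The phase 1 rules on this page (lifetime range, disabled proposals never proposed, the same DH group on both devices in Aggressive mode, Main mode for a WAN-side IPsec camera) can be checked before the two devices are configured. The following Python is an added example, not part of the manual or the device firmware; the Phase1 and Proposal classes, the function names and the sample settings are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_LIFE_MIN, MAX_LIFE_MIN = 5, 2400 * 60  # "between 5 minutes and 2400 hours"

@dataclass(frozen=True)
class Proposal:              # one row of the phase 1 proposal table
    enabled: bool
    encryption: str          # DES, 3DES, AES128, AES192 or AES256
    hash_alg: str            # MD5 or SHA-1
    dh_group: int            # 1 or 2

@dataclass
class Phase1:                # hypothetical container for one device's settings
    mode: str                # "Main" or "Aggressive"
    lifetime_min: int        # IKE SA lifetime in minutes
    proposals: list

def offered(cfg):
    """Disabled proposals are never proposed, so only enabled ones count."""
    return [p for p in cfg.proposals if p.enabled]

def common_proposals(local, peer):
    """Enabled proposals of `local` that `peer` also offers."""
    peer_set = {(p.encryption, p.hash_alg, p.dh_group) for p in offered(peer)}
    return [p for p in offered(local)
            if (p.encryption, p.hash_alg, p.dh_group) in peer_set]

def check_phase1(local, peer, wan_ipsec_camera=False):
    problems = []
    for name, cfg in (("local", local), ("peer", peer)):
        if not MIN_LIFE_MIN <= cfg.lifetime_min <= MAX_LIFE_MIN:
            problems.append(f"{name}: IKE SA lifetime out of range")
    if wan_ipsec_camera and local.mode != "Main":
        problems.append("WAN-side IPsec camera requires Main mode")
    if "Aggressive" in (local.mode, peer.mode):
        # Interpretation: every enabled proposal on both sides names one group.
        groups = {p.dh_group for p in offered(local) + offered(peer)}
        if len(groups) != 1:
            problems.append("Aggressive mode needs the same DH group on both devices")
    if not common_proposals(local, peer):
        problems.append("no enabled proposal is shared by both devices")
    return problems

if __name__ == "__main__":   # constructed sample settings, not from the manual
    router = Phase1("Aggressive", 480, [Proposal(True, "AES256", "SHA-1", 2),
                                        Proposal(False, "3DES", "MD5", 1)])
    remote = Phase1("Aggressive", 480, [Proposal(True, "AES256", "SHA-1", 1)])
    for line in check_phase1(router, remote):
        print(line)
```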