Casio CasioIsa 550 With Wifi 3y Security ISA550WBUN3K9 Manual De Usuario

Using the Site-to-Site VPN Wizard to Configure Site-to-Site VPN

Cisco ISA500 Series Integrated Security Appliances Administration Guide

69

 

-

Group 14 (2048-bit) 

•

Lifetime: Enter the number of seconds for the IKE Security Association (SA) 
to remain valid. As a general rule, a shorter lifetime provides more secure 
ISAKMP negotiations. However, with shorter lifetimes, the security appliance 
sets up future IKE SAs more quickly. 

Click OK to save your settings. 

After you are finished, click Next.

Use the Transform Policies page to configure the transform policies and to specify 
a transform set for the IPsec VPN policy. You can choose the default or a custom 
transform set. 

Click Add to add a transform set. 

Other options: To edit an entry, click Edit. To delete an entry, select it and click 
Delete. The default transform set (DefaultTrans) cannot be edited or deleted. 

Enter the following information:

•

Name: Enter the name for the transform set. 

•

Integrity: Choose the hash algorithm used to ensure data integrity. The hash 
algorithm ensures that a packet comes from where it says it comes from, and 
that it has not been modified in transit. 

-

ESP_SHA1_HMAC: Authentication with SHA1 (160-bit).

-

ESP_MD5_HMAC: Authentication with MD5 (128-bit). MD5 has a smaller 
digest and is considered to be slightly faster than SHA1. A successful (but 
extremely difficult) attack against MD5 has occurred; however, the HMAC 
variant that IKE uses prevents this attack.

•

Encryption: Choose the symmetric encryption algorithm that protects data 
transmission between two IPsec peers. The default is ESP_3DES. The 
Advanced Encryption Standard supports key lengths of 128, 192, 256 bits. 

-

ESP_3DES: Encryption with 3DES (168-bit).

-

ESP_AES_128: Encryption with AES (128-bit).

-

ESP_AES_192: Encryption with AES (192-bit).

-

ESP_AES_256: Encryption with AES (256-bit).