Motorola SVG1501UE 用户手册
B
10 • VPN Pages
62
Field
Description
Phase 1 DH group
Select one of the Diffie-Hellman groups: 768 bits, 1024 bits, or
1536 bits.
1536 bits.
Diffie-Hellman is a cryptographic technique that uses public
and private keys for encryption and decryption. The higher the
number of bits, the more secure the encryption. Options:
Group 1 (768 bits), Group 2 (1024 bits), or Group 5 (1536 bits).
and private keys for encryption and decryption. The higher the
number of bits, the more secure the encryption. Options:
Group 1 (768 bits), Group 2 (1024 bits), or Group 5 (1536 bits).
Phase 1 encryption
Secure the VPN connection between endpoints: DES, 3DES,
AES-128, AES-192, or AES-256.
AES-128, AES-192, or AES-256.
Select any encryption but make the far endpoints match.
Common encryption settings are 3DES and AES.
Common encryption settings are 3DES and AES.
Phase 1 authentication
Set Authentication, another level of security, to SHA or MD5
Motorola recommends SHA because it is more secure but you
can use either authentication provided the other end of the
VPN tunnel uses the same method.
can use either authentication provided the other end of the
VPN tunnel uses the same method.
Phase 1 SA lifetime
Specify the lifetime of individual rotating keys.
Enter the number of seconds for the key to last until a re-key
negotiation between each endpoint is negotiated. The default
setting is 28,800 seconds.
negotiation between each endpoint is negotiated. The default
setting is 28,800 seconds.
A smaller lifetime is generally more secure, since it would give
an attacker a smaller amount of time to try to crack the key,
however key negotiation takes up bandwidth, so network
throughput is sacrificed with small lifetimes. Entries are
typically in the thousands or tens of thousands of seconds.
an attacker a smaller amount of time to try to crack the key,
however key negotiation takes up bandwidth, so network
throughput is sacrificed with small lifetimes. Entries are
typically in the thousands or tens of thousands of seconds.