Motorola WS5100 用户手册

6-41

 

6. If the properties of an existing policy are no longer relevant and cannot be edited to be useful, click the 

 button to define a new policy. 

a. Configure a set of attributes for the new IKE policy: 

Define the priority for the IKE policy. The available range is from 1 to 65,543, with 1 being 
the highest priority value. 

Set the encryption method used to protect the data transmitted between peers. Options 
include:

• DES. 56-bit DES-CBC is less secure but faster than the alternatives. The default value. 

• 3DES - 168-bit Triple DES.

• AES - 128-bit AES.

• AES 192 - 192-bit AES.

• AES 256 - 256-bit AES.

Define the hash algorithm used to ensure data integrity. The hash value validates a packet 
comes from its intended destination, and has not been modified in transit. Options include:

• SHA - The default value.

• MD5 - MD5 has a smaller digest and is somewhat faster than SHA-1.

Set the authentication scheme used to validate the identity of each peer. Pre-shared keys do 
not scale accurately with a growing network but are easier to maintain in a small network. 
Options include:

• Pre-shared Key - Uses pre-shared keys.

• RSA Signature- Uses a digital certificate with keys generated by the RSA signatures 

algorithm.

Define an integer for the SA lifetime. The default is 60 seconds. With longer lifetimes, 
security defines future IPSec security associations quickly. Encryption strength is great 
enough to ensure security without using fast rekey times. Motorola recommends using the 
default value.

Set the Diffie-Hellman group identifier. IPSec peers use the defined value to derive a shared 
secret without transmitting it to one another.