Wednesday, November 4, 2009

Juniper - vpn proposal

IKE Phase 1 Proposal:


* Method: Indicates whether preshared key (“pre”) or digital certificates (using “RSA”-Sig or “DSA”-Sig) are used as the authentication method

* DH Group: Indicates the Diffie-Hellman group used for the key generation or exchange (“g1”, “g2” or “g5”)

* Encrypt: Indicates the encryption algorithm (“3DES”, “DES” or “AES”)

* Auth: Indicates the hash algorithm (“MD5” or “SHA1”)

Values:
-------

(pre|dsa|rsa) (g1|g2|g5) (DES|3DES|AES) (MD5|SHA1)


Examples of a Phase 1 proposal include:
---------------------------------------

* pre-g1-des-md5
* dsa-g2-3des-sha1
* rsa-g5-aes128-md5
* or the current de-facto standard: pre-g2-3des-sha1


IPSEC Phase 2 Proposal:


* PFS: Indicates whether PFS is not being used (“nopfs”) or if it is, which DH group is being applied (“g1”, “g2” or “g5”).

* Encapsulation: Whether the ESP (“esp”) protocol is being used for encryption and authentication, or just the AH (“ah”) protocol.

* Encryption: Indicates the encryption algorithm (“DES”, “3DES” or “AES”)

* Authentication: Indicates the hash algorithm (“MD5” or “SHA1”)

Values:
-------

(nopfs|g1|g2|g5) (ESP|AH) (DES|3DES|AES) (MD5|SHA1)


Examples of a Phase 2 proposal include:
---------------------------------------

* nopfs-esp-des-md5
* g1-ah-null-sha1
* and the de-facto standard: g2-esp-3des-sha1
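
A parser and checker for the proposal names described above, as an added example that is not part of the original post. The function names and the list of components treated as weak are assumptions of this example; "aes128" and "null" are accepted because the post's own examples use them.

```python
import re

# Field values come from the post's "Values" lines; "aes128" and "null" are
# accepted because the post's own examples use them.
_ENC = r"des|3des|aes\d*"
PHASE1 = re.compile(rf"(pre|dsa|rsa)-(g1|g2|g5)-({_ENC})-(md5|sha1)")
PHASE2 = re.compile(rf"(nopfs|g1|g2|g5)-(esp|ah)-({_ENC}|null)-(md5|sha1)")

# Assumption of this example (not stated in the post): a minimal list of
# components to flag. Extend it to match your own cryptographic policy.
WEAK = {
    "des": "DES has a 56-bit key",
    "md5": "MD5 is a deprecated hash",
    "g1": "DH group 1 is a 768-bit group",
    "nopfs": "no perfect forward secrecy",
    "null": "no encryption",
}

def parse_proposal(name):
    """Return (phase, fields) for a proposal name, or raise ValueError."""
    name = name.strip().lower()
    m = PHASE1.fullmatch(name)
    if m:
        return 1, dict(zip(("method", "dh_group", "encrypt", "auth"), m.groups()))
    m = PHASE2.fullmatch(name)
    if m:
        return 2, dict(zip(("pfs", "encapsulation", "encrypt", "auth"), m.groups()))
    raise ValueError(f"not a Phase 1 or Phase 2 proposal name: {name!r}")

def audit(name):
    """Return one finding per flagged component of a proposal name."""
    _, fields = parse_proposal(name)
    return [f"{key}={value}: {WEAK[value]}"
            for key, value in fields.items() if value in WEAK]

if __name__ == "__main__":
    # The six example names from the post.
    for sample in ("pre-g1-des-md5", "dsa-g2-3des-sha1", "rsa-g5-aes128-md5",
                   "nopfs-esp-des-md5", "g1-ah-null-sha1", "g2-esp-3des-sha1"):
        print(sample, "->", audit(sample) or "nothing on this example's list")
```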
