Configuring VPN objects
154 Avaya VPNmanager Configuration Guide Release 3.7
22. Perfect Forward Secrecy (PFS) is a key-creation method used for assuring that a new key
is not related to any previous keys. This is done by using key creation values which are
independent of past values.
● Select Yes to use PFS.
● Select No to not use PFS.
23. Use the AH/ESP list to create packets containing IPSec headers. The payloads contain the
entire original packet (header and payload).
● Select AH Header to authenticate the entire packet.
This inserts an Authentication Header and an Encapsulating Security Payload (ESP)
Header into packets and performs encryption on the payload.
● Select ESP Trailer to authenticate the entire packet, except for the IP header.
This will insert an ESP Header and ESP Trailer into packets and perform encryption on
the payload.
24. Use the Diffie-Hellman Group list to select which modulus to use for the keying algorithm.
● Select 1 to use a 768-bit modulus.
● Select 2 to use a 1024-bit modulus.
25. For detailed information about Group 1 and Group 2 algorithms, see section 6.2 of IETF
RFC 2395.
26. Use the IPSec Proposals options to create one or more proposals.
27. A proposal defines which IPSec parameters all the security gateways of a VPN must use. If
all the security gateways are of the same type, only one proposal needs to be created.
28. If an extranet (a VPN belonging to another organization) is going to connect to your VPN,
and its proposal is different, or unknown, additional proposals can be added to the Proposal
List to accommodate that unique security gateway. The security gateways will automatically
go through the list and negotiate which proposal to use at the appropriate time.
● Click Add to open the Add IPSec Proposal dialog box.
● From the Encryption drop-down list, select the type of encryption to be applied to
packet payloads.
  ● Null. Payload is not encrypted, but AH/ESP headers are included. Used by engineers
  for packet analysis.
  ● DES. Single DES encryption is applied to the payload.
  ● 3DES. Triple DES encryption is applied to the payload.
  ● AES-128. AES-128 advanced encryption is applied to the payload.
  ● RC5. Applies RC5 encryption.
  ● Any. Let the security gateways negotiate which encryption method to use.
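The proposal-list negotiation from step 28, as an added example (not Avaya code and not part of the original guide): a simplified model, assumed here, in which the local Proposal List is walked in order and the first entry the peer can match wins. It shows how an Any entry added for an extranet peer lets the tunnel settle on Null or DES; the function names and sample lists are constructed for illustration.

```python
# Added illustration, not Avaya code. Option names follow the Encryption list above.
CIPHERS = ("Null", "DES", "3DES", "AES-128", "RC5")  # concrete choices
WEAK = {"Null", "DES"}  # Null: payload sent in clear; DES: single 56-bit key


def accepts(choice):
    """Ciphers one proposal entry will agree to; 'Any' leaves it to negotiation."""
    return set(CIPHERS) if choice == "Any" else {choice}


def first_match(local, peer):
    """Assumed model: walk the local list in order and stop at the first entry
    that some peer proposal can match. Returns (position, shared ciphers)."""
    for pos, mine in enumerate(local, start=1):
        shared = set()
        for theirs in peer:
            shared |= accepts(mine) & accepts(theirs)
        if shared:
            return pos, shared
    return None  # no common proposal: the tunnel does not come up


def audit(local):
    """Worst case for an unknown peer: list every entry that would accept a
    weak cipher, as (position, entry, weak ciphers it permits)."""
    findings = []
    for pos, choice in enumerate(local, start=1):
        weak = sorted(accepts(choice) & WEAK)
        if weak:
            findings.append((pos, choice, weak))
    return findings


# Constructed sample lists (hypothetical, not taken from a real deployment).
SAME_TYPE = ["AES-128"]
WITH_EXTRANET = ["AES-128", "3DES", "Any"]  # 'Any' added for an unknown peer
LEGACY_PEER = ["DES"]

if __name__ == "__main__":
    print(first_match(WITH_EXTRANET, LEGACY_PEER))
    print(first_match(SAME_TYPE, LEGACY_PEER))
    print(audit(WITH_EXTRANET))
```

Replacing the Any entry with the specific encryption type the extranet gateway is known to use leaves `audit` with nothing to report.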