IKE Proposals

IKE proposals are sets of parameters for Phase I IPSec negotiations. During Phase 1, the two peers establish a secure tunnel within which they then negotiate the Phase 2 parameters.

You configure IKE proposals on the VPN Concentrator, not on the VPN 3002. The VPN Concentrator software includes a set of preconfigured IKE proposals active by default, and a second preconfigured set inactive by default. You can configure additional IKE proposals to a maximum of 150. On the VPN Concentrator, see Configuration | System | Tunneling Protocols | IPSec | IKE Proposals.

Valid IKE Proposals

Table A-1 describes IKE proposals that are valid for the VPN 3002 Hardware Client. Use this information to configure IKE proposals for the VPN 3002. For instructions about configuring IKE proposals, see the section, "Configuration | System | Tunneling Protocols | IPSec| IKE Proposals | Add, Modify, or Copy" in the Tunneling chapter of the VPN 3000 Series Concentrator
Reference Volume I.

Proposal Name Authentication
Mode Authentication Algorithm Encryption Algorithm Diffie- Hellman
Group

CiscoVPNClient-3DES-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-3DES-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-DES-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

DES-56

Group 2
(1024 bits)

CiscoVPNClient-AES128-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES128-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES192-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

AES-192

Group 2
(1024 bits)

CiscoVPNClient-AES192-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

AES-192

Group 2
(1024 bits)

CiscoVPNClient-AES256-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

CiscoVPNClient-AES256-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

IKE-3DES-MD5

Preshared Keys

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

IKE-3DES-SHA

Preshared Keys

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

IKE-DES-MD5

Preshared Keys

MD5/HMAC-128

DES-56

Group 2
(1024 bits)

IKE-AES128-MD5

Preshared Keys

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

IKE-AES128-SHA

Preshared Keys

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

IKE-AES192-MD5

Preshared Keys

MD5/HMAC-128

AES-192

Group 2
(1024 bits)

IKE-AES192-SHA

Preshared Keys

SHA/HMAC-160

AES-192

Group 2
(1024 bits)

IKE-AES256-MD5

Preshared Keys

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

IKE-AES256-SHA

Preshared Keys

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

CiscoVPNClient-3DES-MD5-RSA

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-3DES-SHA-RSA

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-DES-MD5-RSA-DH1

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

DES-56

Group 1
(768 bits)

CiscoVPNClient-AES128-MD5-RSA

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES128-SHA-RSA

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES256-MD5-RSA

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

CiscoVPNClient-AES256-SHA-RSA

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

CiscoVPNClient-3DES-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

3DES-168

Group 5
(1536 bits)

CiscoVPNClient-3DES-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

CiscoVPNClient-AES128-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-128

Group 5
(1536 bits)

CiscoVPNClient-AES128-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 5
(1536 bits)

CiscoVPNClient-AES192-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-192

Group 5
(1536 bits)

CiscoVPNClient-AES192-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-192

Group 5
(1536 bits)

CiscoVPNClient-AES256-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-256

Group 5
(1536 bits)

CiscoVPNClient-AES256-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 5
(1536 bits)

IKE-3DES-MD5-RSA

RSA Digital Certificate

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

IKE-3DES-SHA-RSA

RSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

IKE-AES128-MD5-RSA

RSA Digital Certificate

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

IKE-AES128-SHA-RSA

RSA Digital Certificate

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

IKE-AES256-MD5-RSA

RSA Digital Certificate

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

IKE-AES256-SHA-RSA

RSA Digital Certificate

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

IKE-DES-MD5-RSA-DH1

RSA Digital Certificate

MD5/HMAC-128

DES-56

Group 1
(768 bits)

IKE-3DES-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

3DES-168

Group 5
(1536 bits)

IKE-3DES-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

IKE-AES128-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

AES-128

Group 5
(1536 bits)

IKE-AES128-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

AES-128

Group 5
(1536 bits)

IKE-AES192-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

AES-192

Group 5
(1536 bits)

IKE-AES192-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

AES-192

Group 5
(1536 bits)

IKE-AES256-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

AES-256

Group 5
(1536 bits)

IKE-AES256-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

AES-256

Group 5
(1536 bits)

CiscoVPNClient-3DES-SHA-DSA

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-AES128-SHA-DSA

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES256-SHA-DSA

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

CiscoVPNClient-3DES-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

CiscoVPNClient-AES128-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 5
(1536 bits)

CiscoVPNClient-AES192-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-192

Group 5
(1536 bits)

CiscoVPNClient-AES256-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 5
(1536 bits)

IKE-3DES-SHA-DSA

DSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

IKE-AES128-SHA-DSA

DSA Digital Certificate

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

IKE-AES256-SHA-DSA

DSA Digital Certificate

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

IKE-3DES-SHA-DSA-DH5

DSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

Table of Contents

IKE Proposals

Valid IKE Proposals