cc/td/doc/product/vpn/vpn3002/4_7
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table Of Contents

IKE Proposals

Valid IKE Proposals


IKE Proposals


IKE proposals are sets of parameters for Phase I IPSec negotiations. During Phase 1, the two peers establish a secure tunnel within which they then negotiate the Phase 2 parameters.

You configure IKE proposals on the VPN Concentrator, not on the VPN 3002. The VPN Concentrator software includes a set of preconfigured IKE proposals active by default, and a second preconfigured set inactive by default. You can configure additional IKE proposals to a maximum of 150. On the VPN Concentrator, see Configuration | System | Tunneling Protocols | IPSec | IKE Proposals.

Valid IKE Proposals

Table A-1 describes IKE proposals that are valid for the VPN 3002 Hardware Client. Use this information to configure IKE proposals for the VPN 3002. For instructions about configuring IKE proposals, see the section, "Configuration | System | Tunneling Protocols | IPSec| IKE Proposals | Add, Modify, or Copy" in the Tunneling chapter of the VPN 3000 Series Concentrator
Reference Volume I
.

Table A-1 Valid VPN 3002 Hardware Client IKE Proposals

Proposal Name
Authentication
Mode
Authentication Algorithm
Encryption Algorithm
Diffie- Hellman
Group

CiscoVPNClient-3DES-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-3DES-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-DES-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

DES-56

Group 2
(1024 bits)

CiscoVPNClient-AES128-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES128-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES192-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

AES-192

Group 2
(1024 bits)

CiscoVPNClient-AES192-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

AES-192

Group 2
(1024 bits)

CiscoVPNClient-AES256-MD5

Preshared Keys (XAUTH)

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

CiscoVPNClient-AES256-SHA

Preshared Keys (XAUTH)

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

IKE-3DES-MD5

Preshared Keys

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

IKE-3DES-SHA

Preshared Keys

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

IKE-DES-MD5

Preshared Keys

MD5/HMAC-128

DES-56

Group 2
(1024 bits)

IKE-AES128-MD5

Preshared Keys

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

IKE-AES128-SHA

Preshared Keys

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

IKE-AES192-MD5

Preshared Keys

MD5/HMAC-128

AES-192

Group 2
(1024 bits)

IKE-AES192-SHA

Preshared Keys

SHA/HMAC-160

AES-192

Group 2
(1024 bits)

IKE-AES256-MD5

Preshared Keys

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

IKE-AES256-SHA

Preshared Keys

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

CiscoVPNClient-3DES-MD5-RSA

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-3DES-SHA-RSA

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-DES-MD5-RSA-DH1

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

DES-56

Group 1
(768 bits)

CiscoVPNClient-AES128-MD5-RSA

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES128-SHA-RSA

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES256-MD5-RSA

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

CiscoVPNClient-AES256-SHA-RSA

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

CiscoVPNClient-3DES-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

3DES-168

Group 5
(1536 bits)

CiscoVPNClient-3DES-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

CiscoVPNClient-AES128-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-128

Group 5
(1536 bits)

CiscoVPNClient-AES128-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 5
(1536 bits)

CiscoVPNClient-AES192-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-192

Group 5
(1536 bits)

CiscoVPNClient-AES192-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-192

Group 5
(1536 bits)

CiscoVPNClient-AES256-MD5-RSA-DH5

RSA Digital Certificate (XAUTH)

MD5/HMAC-128

AES-256

Group 5
(1536 bits)

CiscoVPNClient-AES256-SHA-RSA-DH5

RSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 5
(1536 bits)

IKE-3DES-MD5-RSA

RSA Digital Certificate

MD5/HMAC-128

3DES-168

Group 2
(1024 bits)

IKE-3DES-SHA-RSA

RSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

IKE-AES128-MD5-RSA

RSA Digital Certificate

MD5/HMAC-128

AES-128

Group 2
(1024 bits)

IKE-AES128-SHA-RSA

RSA Digital Certificate

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

IKE-AES256-MD5-RSA

RSA Digital Certificate

MD5/HMAC-128

AES-256

Group 2
(1024 bits)

IKE-AES256-SHA-RSA

RSA Digital Certificate

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

IKE-DES-MD5-RSA-DH1

RSA Digital Certificate

MD5/HMAC-128

DES-56

Group 1
(768 bits)

IKE-3DES-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

3DES-168

Group 5
(1536 bits)

IKE-3DES-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

IKE-AES128-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

AES-128

Group 5
(1536 bits)

IKE-AES128-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

AES-128

Group 5
(1536 bits)

IKE-AES192-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

AES-192

Group 5
(1536 bits)

IKE-AES192-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

AES-192

Group 5
(1536 bits)

IKE-AES256-MD5-RSA-DH5

RSA Digital Certificate

MD5/HMAC-128

AES-256

Group 5
(1536 bits)

IKE-AES256-SHA-RSA-DH5

RSA Digital Certificate

SHA/HMAC-160

AES-256

Group 5
(1536 bits)

CiscoVPNClient-3DES-SHA-DSA

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

CiscoVPNClient-AES128-SHA-DSA

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

CiscoVPNClient-AES256-SHA-DSA

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

CiscoVPNClient-3DES-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)

CiscoVPNClient-AES128-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-128

Group 5
(1536 bits)

CiscoVPNClient-AES192-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-192

Group 5
(1536 bits)

CiscoVPNClient-AES256-SHA-DSA-DH5

DSA Digital Certificate (XAUTH)

SHA/HMAC-160

AES-256

Group 5
(1536 bits)

IKE-3DES-SHA-DSA

DSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 2
(1024 bits)

IKE-AES128-SHA-DSA

DSA Digital Certificate

SHA/HMAC-160

AES-128

Group 2
(1024 bits)

IKE-AES256-SHA-DSA

DSA Digital Certificate

SHA/HMAC-160

AES-256

Group 2
(1024 bits)

IKE-3DES-SHA-DSA-DH5

DSA Digital Certificate

SHA/HMAC-160

3DES-168

Group 5
(1536 bits)



hometocprevnextglossaryfeedbacksearchhelp

Posted: Tue Apr 19 14:18:32 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.