DH: It's a key exchange method (for authentication purposes) used to provide as much security as needed, as it will use 2 different keys, one private and one public, the public being sent over the internet to the remote peer so they can authenticate each other.
Encryption Algorithm: The algorithm used to encrypt x traffic so no one else knows what it is! So this will say how strong the algorithm method will be (DES, 3DES, AES).
This might help:
Each IPSec peer has three keys:
A private key that's kept secret and never shared. It's used to sign messages.
A public key that's shared. It's used by others to verify a signature.
A shared secret key that's used to encrypt data using an encryption algorithm (DES, MD5, and so on). The shared secret key is derived from Diffie-Hellman key generation.
Lifetime: Determines the amount of time a VPN tunnel can be up or the amount of data that can traverse a VPN tunnel without this being re-generated.
So, as an example, if you set a lifetime for IKE1 of 35800 seconds, after 35800 that phase 1 needs to be re-established.
It is important to recall, Prashant, that this is the only set of the configuration (Lifetime) that does not have to match on both ends. The lowest lifetime will be the one used.
Hope I have been clear with this!
Julio Carvajal Segura