03-15-2012 12:45 AM - edited 03-11-2019 03:42 PM
Difference between DH group and DES.
From my understanding, DH uses two separate keys to encrypt and decrypt the data.
DES uses a single key to encrypt the data.
So during phase 1 in a site-to-site VPN we use an encryption algorithm, say DES, and a DH group also.
So why are both an encryption algorithm and a DH group used? Please explain.
Another thing: what is the use of the lifetime in phase 1 and phase 2?
03-15-2012 06:18 PM
DH: It's a key exchange method (authentication purposes) used to provide as much security as needed, as it will use 2 different keys, one private and one public, the public being sent over the internet to the remote peer so they can authenticate each other.
Encryption Algorithm: Algorithm used to encrypt x traffic so no one else knows what that is! So this will say how strong the algorithm method will be (DES, 3DES, AES).
This might help:
NOTE
Each IPSec peer has three keys:
lifetime: Determines the amount of time a VPN tunnel can be up or the amount of data that can traverse a VPN tunnel without this being re-generated.
So as an example, if you set a lifetime for IKE1 of 35800 seconds, after 35800 that phase 1 needs to be re-established.
It is important to recall, Prashant, that this is the only set of the configuration (Lifetime) that does not have to match on both ends. The lowest lifetime will be the one used.
Hope I have been clear with this!
Julio
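Added example, not part of the reply above and not Cisco code: a toy Python sketch of why phase 1 names both a DH group and an encryption algorithm. The DH exchange lets both peers arrive at the same secret without sending it, a single symmetric key is derived from that secret, and the lower of two lifetimes is picked. The group parameters, the key derivation, the stand-in cipher and the 86400-second remote lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (assumption): 127-bit prime, generator 3.
# Real IKE DH groups use primes of 768 bits and up; never use this size.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Private value stays local; only the public value crosses the wire."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    """Combine our private value with the peer's public value."""
    if not 1 < peer_pub < P - 1:  # reject degenerate values
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)

def derive_key(shared, nonces):
    """Simplified stand-in for IKE key derivation: secret -> cipher key."""
    return hmac.new(nonces, shared.to_bytes(16, "big"), hashlib.sha256).digest()

def sym_cipher(key, data):
    """Stand-in symmetric cipher (SHA-256 keystream XOR, not DES/AES):
    the same key and the same call both encrypt and decrypt."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def negotiated_lifetime(local_s, remote_s):
    """The lower of the two configured lifetimes is used, as stated above."""
    return min(local_s, remote_s)

def demo():
    nonces = secrets.token_bytes(16) + secrets.token_bytes(16)
    a_priv, a_pub = dh_keypair()   # peer A
    b_priv, b_pub = dh_keypair()   # peer B
    key_a = derive_key(dh_shared(a_priv, b_pub), nonces)
    key_b = derive_key(dh_shared(b_priv, a_pub), nonces)
    msg = b"constructed sample payload for the tunnel"
    ct = sym_cipher(key_a, msg)    # A encrypts with its derived key
    return key_a == key_b, ct != msg, sym_cipher(key_b, ct) == msg

if __name__ == "__main__":
    print(demo(), negotiated_lifetime(35800, 86400))
```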
03-15-2012 11:01 PM
Hi Julio
So what about the pre-shared key? Is it mainly used to authenticate the peers?