The IPSec Keying Properties page is used to define the IPSec connection's security and encryption settings.
The Internet Key Exchange (IKE) and Encapsulated Security payload (ESP) parameters are used to define the security of your IPSec tunnel. The Internet Key Exchange (IKE) parameters group is used to select the Encryption, Authentication and Diffie-Hellman Group. The Encapsulated Security payload (ESP) parameters group is used to select the Encryption and Authentication.
The Encryption drop-down list offers the following standards for selection:
Triple DES uses three DES encryptions on a single data block with three different keys to achieve higher security than is available from a single DES pass (DES is a block cipher algorithm with 64-bit blocks and a 56-bit key).
AES 128 bit cryptography scheme is a symmetric block cipher, which encrypts and decrypts 128-bit blocks of data.
AES 192 bit cryptography scheme is a symmetric block cipher, which encrypts and decrypts 192-bit blocks of data.
AES 256 bit cryptography scheme is a symmetric block cipher, which encrypts and decrypts 256-bit blocks of data.
The Authentication area offers the following parameters for selection:
SHA (Secure Hash Algorithm) is a strong digest algorithm proposed by the US NIST (National Institute of Standards and Technology) agency as a standard digest algorithm and is used in the Digital Signature Standard, FIPS number 186 from NIST. SHA is an improved variant of MD4 producing a 160-bit hash. SHA and MD5 are the message digest algorithms available in IPSec.
MD5 (Message Digest) is a hash algorithm that computes a checksum over the message. The checksum is sent with the data and enables the receiver to notice whether the data has been altered.
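How the receiver notices altered data, as an added example that is not part of the original page or the product's code: in IPSec the digest is keyed (HMAC) and truncated to 96 bits, as HMAC-SHA-1-96 (RFC 2404) or HMAC-MD5-96 (RFC 2403). The function names, keys and payload bytes are constructed for illustration, and "SHA" is taken to be the 160-bit SHA-1 described above.

```python
import hashlib
import hmac

ICV_LEN = 12  # 96 bits, the truncation used by HMAC-MD5-96 and HMAC-SHA-1-96
ALGORITHMS = {"SHA": hashlib.sha1, "MD5": hashlib.md5}  # wizard option -> digest


def compute_icv(auth_key: bytes, data: bytes, option: str) -> bytes:
    """Keyed digest over the data, truncated to the 96-bit value that is sent."""
    return hmac.new(auth_key, data, ALGORITHMS[option]).digest()[:ICV_LEN]


def protect(auth_key: bytes, data: bytes, option: str) -> bytes:
    """Sender: append the integrity check value (ICV) to the data."""
    return data + compute_icv(auth_key, data, option)


def verify(auth_key: bytes, wire: bytes, option: str):
    """Receiver: recompute the ICV; return the data, or None if it was altered."""
    if len(wire) < ICV_LEN:
        return None
    data, icv = wire[:-ICV_LEN], wire[-ICV_LEN:]
    # compare_digest runs in constant time, so a mismatch leaks no position
    if hmac.compare_digest(icv, compute_icv(auth_key, data, option)):
        return data
    return None


def demo() -> dict:
    """Run one intact and one altered message through each option."""
    results = {}
    for option, key_len in (("SHA", 20), ("MD5", 16)):
        key = bytes(range(key_len))              # constructed key, not a secret
        data = b"constructed ESP payload bytes"  # constructed sample data
        wire = protect(key, data, option)
        altered = bytes([wire[0] ^ 0x01]) + wire[1:]  # one bit flipped in transit
        results[option] = (verify(key, wire, option) == data,
                           verify(key, altered, option) is None)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the digest is keyed, someone who alters the data in transit cannot recompute a matching value without the authentication key, which a plain unkeyed checksum would not prevent.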
The Diffie-Hellman parameter is used to determine the length of the base prime numbers used during the key exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the Diffie-Hellman group, which is based upon the prime numbers. The higher the group's bit length, the stronger the encryption. If the peers specify mismatched groups, negotiation fails.
The Next button of this wizard leads to the Automatic Keying page.