2.1.24. Managed FW / UTM IPsec setting value (reference)

Parameters other than those entered or selected by the user are set to the following default values.

Phase1

| Parameters | Values | Input / selectable |
|---|---|---|
| Interface | Select from below: [port4] [port5] [port6] [port7] [port8] [port9] [port10] | |
| Remote Gateway | (User input) | |
| IP version | IPv4 | × |
| IKE version | IKEv1 | × |
| Proposal | Select from below: [aes128-sha256] [aes128-sha384] [aes128-sha512] [aes192-sha256] [aes192-sha384] [aes192-sha512] [aes256-sha256] [aes256-sha384] [aes256-sha512] | |
| DH Group | Select from below: [14] [15] [16] [17] [18] [19] [20] [21] | |
| Keylife | 86400 seconds | × |
| Authmethod | Pre-shared key | × |
| Preshared Key | (User input) | |
| Mode | main mode | × |
| Auto Negotiate | Enabled | × |
| Negotiate Timeout | 30 seconds | × |
| DPD (Dead Peer Detection) | Enabled | × |
| DPD retrycount | 3 times | × |
| DPD retryinterval | 5 seconds | × |
| NAT Traversal | Enabled | × |
| NAT Traversal Keepalive | 10 seconds | × |

Note

  • NAT traversal is enabled by default for IPsec VPN, so IPsec communication is possible even when NAT devices sit between the Managed Firewall / UTM endpoints. The following requirements must be satisfied, however:

    • IP connectivity between the Managed Firewall / UTM endpoints is working.

    • UDP port 500 (IKE), UDP port 4500 (NAT-T) and IP protocol 50 (ESP) are allowed from the Initiator to the Responder.


Phase2

| Parameters | Values | Input / selectable |
|---|---|---|
| Proposal | Select from below: [aes128-sha256] [aes128-sha384] [aes128-sha512] [aes192-sha256] [aes192-sha384] [aes192-sha512] [aes256-sha256] [aes256-sha384] [aes256-sha512] | |
| DH Group | Select from below: [14] [15] [16] [17] [18] [19] [20] [21] | |
| Encapsulation | tunnel mode | × |
| Keylife | 43200 seconds | × |
| Auto Negotiate | Enabled | × |
| Keepalive | Enabled | × |
| PFS (Perfect Forward Secrecy) | Enabled | × |
| Anti Replay Check | Enabled | × |