
Using the VPN tabs
Issue 4 May 2005 143
Payload key lifetime defines how long a single set of
cryptographic keys is used when applying VPN services to IP
packets. Lifetimes are either time based or throughput based.
A time-based lifetime is the amount of time that the keys are
used without a key change. A throughput lifetime is the amount
of data that is acted on by a set of keys.
The more often a key is changed, the “more secure” the system.
However, frequent key changes can affect system performance.

Enter a numerical value and select a unit of measure for both
time-based and throughput lifetimes. Whichever limit is reached
first triggers the new key.
Note: For time-based lifetime, the following are the
minimum values in each category: Day = 1,
Minutes = 1, and Seconds = 60.
Diffie-Hellman groups define the cryptographic key strengths
used during IKE negotiations. The level of security increases as
the DH group number increases. Using a higher level DH group
results in longer key exchange times.
Group 1
Key strength: 768 bit
Platform support: SG5, SG5X, SG200, SG203, and SG208
Group 2
Key strength: 1024 bit
Platform support: SG5, SG5X, SG200, SG203, and SG208
Group 5
Key strength: 1536 bit
Platform support: SG5, SG5X, SG200, SG203, and SG208
Group 14
Key strength: 2048 bit
Platform support: SG203 and SG208
See RFC 2409 for more information on Diffie-Hellman groups.
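
Added example (not part of the original manual): a Python sketch of the two rules described above, that whichever lifetime is reached first triggers a new key, and that a proposed setting must respect the time-based minimums and the DH group platform support listed here. The names `check_policy` and `PayloadKey`, the lowercase unit strings, and the use of bytes for throughput are assumptions made for illustration.

```python
from dataclasses import dataclass

# Platforms that support each DH group, as listed on this page.
ALL = {"SG5", "SG5X", "SG200", "SG203", "SG208"}
DH_PLATFORMS = {1: ALL, 2: ALL, 5: ALL, 14: {"SG203", "SG208"}}
# Minimum time-based lifetime per unit, from the note on this page.
# The lowercase unit strings are an assumption of this example.
MIN_TIME = {"days": 1, "minutes": 1, "seconds": 60}


def check_policy(platform, dh_group, time_value, time_unit):
    """Return a list of problems with a proposed setting (empty if none)."""
    problems = []
    if dh_group not in DH_PLATFORMS:
        problems.append(f"unknown DH group {dh_group}")
    elif platform not in DH_PLATFORMS[dh_group]:
        problems.append(f"DH group {dh_group} is not supported on {platform}")
    if time_unit not in MIN_TIME:
        problems.append(f"unit {time_unit!r} is not covered by the note")
    elif time_value < MIN_TIME[time_unit]:
        problems.append(f"{time_value} {time_unit} is below the minimum "
                        f"of {MIN_TIME[time_unit]}")
    return problems


@dataclass
class PayloadKey:
    """One set of payload keys with both lifetimes (hypothetical model)."""
    max_seconds: float   # time-based lifetime
    max_bytes: int       # throughput lifetime; bytes are an assumed unit
    born: float = 0.0    # time the current key was installed
    used: int = 0        # data protected by the current key

    def account(self, now, nbytes):
        """Record traffic; return which lifetime expired, or None."""
        self.used += nbytes
        if now - self.born >= self.max_seconds:
            reason = "time"
        elif self.used >= self.max_bytes:
            reason = "throughput"
        else:
            return None
        self.born, self.used = now, 0  # new key: both counters restart
        return reason
```
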
Field Description