Configuring Advanced Settings for SSL VPN

Procedure

  1. Go to Network > User VPN > SSL VPN > General.
  2. Click Advanced Settings.
  3. Select the Encryption algorithm:
    Option       | Description
    AES 128 CBC  | A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 128-bit key.
    AES 192 CBC  | A 192-bit block Cipher Block Chaining (CBC) algorithm that uses a 192-bit key.
    AES 256 CBC  | A 256-bit block Cipher Block Chaining (CBC) algorithm that uses a 256-bit key.
    3DES         | Triple-DES, in which plain text is encrypted three times by three keys.
    BF-CDC       | Blowfish, a 64-bit block, unpatented, keyed, symmetric algorithm used in Cipher Block Chaining (CBC) mode.
    Note
    The Data Encryption Standard (DES) is a 64-bit block algorithm that uses a 56-bit key. The Advanced Encryption Standard (AES) is a private key algorithm supporting key lengths from 128 to 256 bits and variable-length blocks of data.
  4. Select the Authentication algorithm:
    Option | Description
    MD5    | Message Digest (version 5) hash algorithm (a one-way hash function) developed by RSA Data Security, which is intended for digital signature applications, where a large file must be compressed in a secure manner before being encrypted with a private key/public key algorithm.
    SHA1   | Secure Hash Algorithm 1, which produces a 160-bit message digest. The large message digest provides security against brute-force collision and inversion attacks.
  5. Select the key size:
    • 1024-bit
    • 2048-bit
  6. Set the Key lifetime options in hours (1-24). The maximum allowable value is 24 hours.
  7. Specify the Local DNS settings.
  8. Add or remove Local Domains:
    • Use the >> option to add a new local domain
    • Use the << option to remove an existing local domain
  9. Select the Enable compress traffic check box to allow SSL VPN traffic to be transparently compressed and uncompressed.
  10. Select the Enable debug mode check box to show additional debugging information in the SSL VPN logs.
  11. Select the Enable simultaneous logon check box to allow multiple clients to use a single account.
  12. Select the Enable network masquerade check box to automatically add a NAT rule.
  13. Click Apply.
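
The cipher block size chosen in step 3 and the Key lifetime set in step 6 interact: the more data one key protects, the likelier two ciphertext blocks repeat, and a 64-bit block (3DES, BF-CDC) reaches that point far sooner than a 128-bit block. The following is an added example, not part of the original page or the product, that estimates this for each allowed Key lifetime. The sustained throughput figures, the 1e-6 threshold, and the reading of Key lifetime as the interval after which the session key is replaced are assumptions.

```python
import math

KEY_LIFETIME_HOURS = range(1, 25)  # step 6 accepts 1-24 hours


def collision_probability(block_bits: int, data_bytes: float) -> float:
    """Birthday estimate that two ciphertext blocks under one key are equal.

    In CBC mode a repeated ciphertext block reveals the XOR of two plaintext
    blocks, so this probability limits how much data one key should protect.
    """
    blocks = data_bytes / (block_bits // 8)
    # p ~= 1 - exp(-n^2 / 2^(b+1)); expm1 keeps precision when p is tiny.
    return -math.expm1(-(blocks ** 2) / 2.0 ** (block_bits + 1))


def data_per_key(mbit_per_s: float, hours: int) -> float:
    """Bytes encrypted under one key at a sustained rate (assumed workload)."""
    return mbit_per_s * 1e6 / 8 * hours * 3600


def acceptable_lifetimes(block_bits: int, mbit_per_s: float,
                         p_max: float = 1e-6) -> list[int]:
    """Key lifetime values (hours) that keep the collision estimate <= p_max.

    p_max is an assumed policy threshold, not a value from the product.
    """
    return [h for h in KEY_LIFETIME_HOURS
            if collision_probability(block_bits, data_per_key(mbit_per_s, h)) <= p_max]


if __name__ == "__main__":
    # Constructed scenarios: a low-rate and a busy tunnel (Mbit/s, assumed).
    for label, bits in (("64-bit block (3DES, BF-CDC)", 64),
                        ("128-bit block (AES 128 CBC)", 128)):
        for rate in (0.1, 100.0):
            ok = acceptable_lifetimes(bits, rate)
            p_1h = collision_probability(bits, data_per_key(rate, 1))
            print(f"{label} at {rate} Mbit/s: p(1 h) = {p_1h:.3g}, "
                  f"acceptable lifetimes = {ok if ok else 'none'}")
```
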