VPN advanced configuration 171Configuration GuideUsers configurationThis section provides configuration information for the client tunnel.Users configuration navigation• User database configuration parameters (page 171)• IP address pool configuration parameters (page 172)• VPN client termination configuration parameters (page 172)User database configuration parametersThe following section describes the parameters for the configuration of users located atConfiguration, VPN, Users, User Database tab.Authentication Select the preferred authentication method.Select None to indicates no authentication method is required.Select HMAC-MAC5, the message authentication code is calculated usingthe MD5 cryptographic hash function. This cryptographic hash functionhas some additional security properties with a 128-bit hash value, which iscommonly used to check the integrity of files.Select HMAC-SHA1, the message authentication code is calculated usingthe SHA1 algorithm. This cryptographic hash function computes acondensed digital representation to a high degree of probability.IPSec Mode Select the IPSec mode.Select Tunnel, IPSec encrypts the IP header and the Payload.Select Transport, IPSec encrypts only the Payload.Preferred Forward Secrecy Select the Preferred Forward Secrecy (PFS). Select one of the followingoptions:• Select None – IKE does not use any PFS.• PFS Group 1 – IKE uses a 768-bit Diffie-Hellman Prime modulesgroup for performing the new Diffie-Hellman exchange.• PFS Group 2 – IKE uses a 1024-bit Diffie-Hellman Prime modulesgroup for performing the new Diffie-Hellman exchange.• PFS Group 5 – IKE uses a 1536-bit Diffie-Hellman Prime modulesgroup for performing the new Diffie-Hellman exchange.Life Time Select the lifetime unit. It can be seconds, minutes, or hours.The default value is seconds.Life Time Value Type the lifetime value.The default value is 800 seconds.Anti Replay Displays the anti-replay status for the IKE pre-shared secret policy.Displays one of the following:• ENABLE - anti-replay functionality is activated.• DISABLE - anti-replay functionality is deactivated.The default value is ENABLE.Variable Value
