D-Link DFL-700 User Manual

Proposal Lists

To agree on the VPN connection parameters, a negotiation process is performed. As the

result of the negotiations, the IKE and IPSec security associations (SAs) are established. As
the name implies, a proposal is the starting point for the negotiation. A proposal defines
encryption parameters, for instance encryption algorithm, life times etc, that the VPN gateway
supports.

There are two types of proposals, IKE proposals and IPSec proposals. IKE proposals are

used during IKE Phase-1 (IKE Security Negotiation), while IPSec proposals are using during
IKE Phase-2 (IPSec Security Negotiation).

A Proposal List is used to group several proposals. During the negotiation process, the

proposals in the proposal list are offered to the remote VPN gateway one after another until a
matching proposal is found.

IKE Proposal List

Cipher – Specifies the encryption algorithm used in this IKE proposal. Supported

algorithms are AES, 3DES, DES, Blowfish, Twofish and CAST128.

Hash – Specifies the hash function used to calculate a check sum that reveals if the data

packet is altered while being transmitted. MD5 and SHA1 are supported algorithms.

Life Times – Specifies in KB or seconds when the security associations for the VPN

tunnel need to be re-negotiated.

IPSec Proposal List

Cipher – Specifies the encryption algorithm used in this IPSec proposal. Supported

algorithms are AES, 3DES, DES, Blowfish, Twofish and CAST128.

HMAC – Specifies the hash function used to calculate a check sum that reveals if the data

packet is altered while being transmitted. MD5 and SHA1 are supported algorithms.

Life Times – Specifies in KB or seconds when the security associations for the VPN

tunnel need to be re-negotiated.