Phase 2 Settings

The Phase 2 Settings Tab is used to define the configuration parameters required for the Client to establish any number of IPSEC SAs with the remote Client Gateway.

Transform Algorithm

Select the cryptographic Transform Algorithm to be proposed during phase 2 negotiations. The default value for this setting is esp-3des (ESP Triple DES).

Transform Key Length

Select the cryptographic Transform Algorithm Key Length to be proposed during phase 2 negotiations. Some algorithms use a fixed key length. If one of these Transforms is selected, this option will be grayed out. Other algorithms have a variable key length, which will need to be defined. The default value for this setting varies with the selected Transform Algorithm.

HMAC Algorithm

Select the HMAC Algorithm to be proposed during phase 2 negotiations. The default value for this setting is md5.

Compression Algorithm

No Compression Algorithms are currently supported. This setting should be grayed out.

PFS Exchange

Select the PFS DH Exchange group description to be proposed during phase 2 negotiations. When a remote gateway is configured to support the Configuration Transaction Exchange, it should be able to assign a valid DH Exchange group for PFS automatically. The default value for this setting is Auto.

Key Life Time Limit

Enter the Key Life Time Limit to be proposed during phase 2 negotiations. This setting will determine the life time of an IPSEC SA. The default value for this setting is 3600 Seconds.

Key Life Data Limit

PLEASE NOTE: This setting is offered for IKE compatibility only. IPSEC SA data limits are not currently enforced by the Shrew Soft VPN Client.

Enter the Key Life Data Limit to be proposed during phase 2 negotiations. This setting will determine the number of kilobytes that can be protected by an IPSEC SA. If a 0 value is specified, no life data limit is negotiated. The default value for this setting is 0.
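
The following is an added example, not part of the original documentation or the Shrew Soft code base. It audits the Phase 2 values in an exported site configuration against the defaults and caveats described above. The "type:key:value" line format, the phase2-* key names and -1 as the stored form of Auto are assumptions not stated on this page.

```python
# Added example. Assumed (not from this page): the exported site file uses
# "type:key:value" lines, the phase2-* key names, and -1 as the stored "Auto".
PFS_AUTO = -1

# Constructed sample holding the defaults this page documents.
SAMPLE = """\
n:version:2
s:phase2-transform:esp-3des
s:phase2-hmac:md5
n:phase2-pfsgroup:-1
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
"""

def parse_site_config(text):
    """Return {key: value}; numeric ('n') values become int."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3:
            continue  # blank or malformed line
        kind, key, value = parts
        if kind == "n":
            try:
                value = int(value)
            except ValueError:
                pass  # keep a malformed number as text
        cfg[key] = value
    return cfg

def audit_phase2(cfg, max_life_secs=3600):
    """Return [(setting, note)] for Phase 2 values that need a reviewer's eye."""
    findings = []
    if cfg.get("phase2-transform") == "esp-3des":
        findings.append(("Transform Algorithm", "documented default esp-3des in use"))
    if cfg.get("phase2-hmac") == "md5":
        findings.append(("HMAC Algorithm", "documented default md5 in use"))
    if cfg.get("phase2-pfsgroup") == PFS_AUTO:
        findings.append(("PFS Exchange", "Auto: DH group is left to the gateway"))
    life = cfg.get("phase2-life-secs")
    if isinstance(life, int) and life > max_life_secs:
        findings.append(("Key Life Time Limit", f"{life}s exceeds {max_life_secs}s"))
    if cfg.get("phase2-life-kbytes") not in (None, 0):
        findings.append(("Key Life Data Limit", "proposed but not enforced by the client"))
    return findings

if __name__ == "__main__":
    for setting, note in audit_phase2(parse_site_config(SAMPLE)):
        print(f"{setting}: {note}")
```

The max_life_secs threshold is a reviewer-chosen policy value; it defaults here to the 3600 seconds this page gives as the client default.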