Manual tunnel support
Manual tunnels provide backward compatibility, and they interoperate with machines that do not support IKE key management protocols. The disadvantage of manual tunnels is that the key values are static. The encryption and authentication keys are the same for the life of the tunnel and must be manually updated.
The following table shows the authentication and encryption algorithms that can be used with the AH and ESP security protocols for manual tunnel support.
Algorithm | AH IP Version 4 | AH IP Version 6 | ESP IP Version 4 | ESP IP Version 6 |
---|---|---|---|---|
HMAC MD5 | X | X | X | X |
HMAC SHA1 | X | X | X | X |
AES CBC (128, 192, 256) | | | X | X |
Triple DES CBC | | | X | X |
DES CBC 8 | | | X | X |
DES CBC 4 | | | X | X |
Because IKE tunnels offer more effective security, IKE is the preferred key management method.