Authentication

Select one of the following dynamic tunnel authentication algorithms from the drop-down list:
  • Select AES GMAC 128-bit key to use the Advanced Encryption Standard (AES) Galois message authentication code (GMAC) algorithm to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers, with 128-bit keys. If you select AES GMAC 128-bit key, Do not encrypt is the only choice that is allowed for encryption.
  • Select AES GMAC 256-bit key to use the Advanced Encryption Standard (AES) Galois message authentication code (GMAC) algorithm to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers, with 256-bit keys. If you select AES GMAC 256-bit key, Do not encrypt is the only choice that is allowed for encryption.
  • Select AES XCBC 128-bit key (96-bit ICV) to use the Advanced Encryption Standard (AES) cipher block chaining (CBC) algorithm to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers, with 128-bit keys and a 96-bit Integrity Check Value (ICV).
  • Select HMAC MD5 to use the hashed message authentication code (HMAC) message digest 5 (MD5) algorithm to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers. This is the default. Do not select HMAC_MD5 if the stack is configured for FIPS 140 mode.
  • Select HMAC SHA1 to use the hashed message authentication code (HMAC) with the Secure Hash Algorithm (SHA) to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers. This is the default setting if FIPS 140 mode is set.
  • Select HMAC SHA2 256-bit key (128-bit ICV) to use the hashed message authentication code (HMAC) with the Secure Hash Algorithm (SHA) to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers, with 256-bit keys and a 128-bit Integrity Check Value (ICV).
  • Select HMAC SHA2 384-bit key (192-bit ICV) to use the hashed message authentication code (HMAC) with the Secure Hash Algorithm (SHA) to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers, with 384-bit keys and a 192-bit Integrity Check Value (ICV).
  • Select HMAC SHA2 512-bit key (256-bit ICV) to use the hashed message authentication code (HMAC) with the Secure Hash Algorithm (SHA) to encode authentication data in either Authentication Header (AH) or Encapsulating Security Payload (ESP) headers, with 512-bit keys and a 256-bit Integrity Check Value (ICV).

If you select Do not encrypt for encryption and the Encapsulating Security Payload (ESP) for authentication, the ESP header is present, but the payload is not encrypted.

Rule: This security level cannot be used in a stack configured for FIPS 140 if the following algorithms are selected:
  • HMAC MD5
  • AES XCBC 128-bit key (96-bit ICV)
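
The following Python sketch is an added example, not code from the product this page documents. It shows what the "256-bit key (128-bit ICV)" style labels mean in practice, assuming the ICV is the leftmost bits of the full HMAC output (the truncation defined in RFC 4868), and it checks a proposed selection against the FIPS 140 and Do not encrypt rules stated above. The function names and the sample key and packet bytes are constructed for illustration.

```python
import hashlib
import hmac

# HMAC SHA2 options from the list above: hash, key length, ICV length (bytes).
SHA2_OPTIONS = {
    "HMAC SHA2 256-bit key (128-bit ICV)": ("sha256", 32, 16),
    "HMAC SHA2 384-bit key (192-bit ICV)": ("sha384", 48, 24),
    "HMAC SHA2 512-bit key (256-bit ICV)": ("sha512", 64, 32),
}
# Options the page's rule excludes from a stack configured for FIPS 140.
FIPS_DISALLOWED = {"HMAC MD5", "AES XCBC 128-bit key (96-bit ICV)"}
# Options for which "Do not encrypt" is the only allowed encryption choice.
GMAC_OPTIONS = {"AES GMAC 128-bit key", "AES GMAC 256-bit key"}


def compute_icv(option, key, data):
    """Return the truncated HMAC that fills the ICV field for `option`."""
    hash_name, key_len, icv_len = SHA2_OPTIONS[option]
    if len(key) != key_len:
        raise ValueError(f"{option} needs a {key_len * 8}-bit key")
    # Assumption: the ICV is the leftmost icv_len bytes of the HMAC output.
    return hmac.new(key, data, hash_name).digest()[:icv_len]


def verify_icv(option, key, data, received_icv):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(compute_icv(option, key, data), received_icv)


def selection_errors(auth, encryption, fips_140):
    """Return the rules from this page that a proposed selection violates."""
    errors = []
    if fips_140 and auth in FIPS_DISALLOWED:
        errors.append(f"{auth} is not allowed in FIPS 140 mode")
    if auth in GMAC_OPTIONS and encryption != "Do not encrypt":
        errors.append(f"{auth} requires 'Do not encrypt'")
    return errors


if __name__ == "__main__":
    key = bytes(range(32))                       # constructed sample key
    packet = b"constructed sample packet bytes"  # constructed sample data
    option = "HMAC SHA2 256-bit key (128-bit ICV)"
    icv = compute_icv(option, key, packet)
    print(len(icv) * 8, "bit ICV:", icv.hex())
    print("tampered packet accepted:", verify_icv(option, key, packet + b"!", icv))
    print(selection_errors("HMAC MD5", "Do not encrypt", fips_140=True))
```

In a real AH or ESP packet the authenticated data is a defined set of header and payload fields; the sketch authenticates an arbitrary byte string to keep the truncation and comparison steps visible.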
