Huawei HHG-2500 – Vodafone Connect IPSec settings

If you were wondering how to use the HHG-2500’s IPSec, here’s how you do it.

Phase1 proposal should contain:

  • 3DES
  • SHA1 or MD5
  • DH group 5
  • Lifetime: 28000

Phase2 settings:

  • 3DES
  • SHA1 or MD5
  • PFS Group 5
  • Lifetime: 28000

It’s important to notice that the HHG-2500 does not offer AES as a cipher in either P1 or P2. Not sure why, since the software used within the HHG-2500 is FreeSwan. I’m guessing that it is due to performance reasons.

My suggestion is to pick SHA1 as the hash algorithm if you can, as MD5 is considered insecure at this point.

It’s also important to note that it won’t establish P2 SAs if you don’t enable PFS (which is of course a good thing).

Since the UI lets you enter only one remote subnet, there can only be one SA established at any given moment. You need to get around this problem by summarising your subnets according to your needs.
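One way to work out the summary prefix for the single remote-subnet field, and to see which addresses it pulls into the tunnel beyond the subnets you actually meant to include. This is an added example, not part of the original post; the subnets are constructed sample values and IPv4 is assumed.

```python
import ipaddress

# Constructed sample: three remote subnets that must share one tunnel.
SITE_SUBNETS = ["192.168.10.0/24", "192.168.11.0/24", "192.168.14.0/24"]


def covering_supernet(subnets):
    """Return the smallest single network that contains every given subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Shorten the prefix one bit at a time until every subnet fits inside it.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def extra_coverage(subnets):
    """Return the blocks of the summary prefix that none of the subnets use."""
    used_nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets
    )
    remaining = [covering_supernet(subnets)]
    for used in used_nets:
        next_remaining = []
        for block in remaining:
            if block.subnet_of(used):
                continue  # block is entirely one of the intended subnets
            if used.subnet_of(block):
                # Carve the intended subnet out and keep what is left over.
                next_remaining.extend(block.address_exclude(used))
            else:
                next_remaining.append(block)  # disjoint, keep unchanged
        remaining = next_remaining
    return sorted(remaining)


if __name__ == "__main__":
    summary = covering_supernet(SITE_SUBNETS)
    extra = extra_coverage(SITE_SUBNETS)
    print("Enter as remote subnet:", summary)
    print("Also matched by the tunnel, but not in your list:")
    for block in extra:
        print("  ", block, f"({block.num_addresses} addresses)")
```

Anything listed as extra is matched by the tunnel's selector as well, so it is worth filtering on the firewall if those ranges should not be reachable over the VPN.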

I hope this helps.