Table of Contents
Advertisement
Set it according to Local ID of the
opposite device. Normally, specify the
IPsec communication target LAN subnet
of the peer device.
Encryption
Set the encryption algorithm to be used
Algorithms
at IKE phase 2.
• AES256-CBC
• AES192-CBC
• AES128-CBC
• 3DES-CBC
• NULL
Authentication
Set the authentication algorithm to be
Algorithms
used at IKE phase 2.
• HMAC-SHA1-96
• HMAC-SHA2-256
• HMAC-MD5-96
Life Time (sec)
Set the validity period of the IPsec SA.
Input range is from 300 to 691,200
seconds.
Life Time with Data
Specify the amount of data to
(Kbyte)
communicate on the IPsec SA in Kbytes.
PFS
• Disable: means PFS is not
• 768bit: guarantees PFS using DH-
• 1024bit: guarantees PFS using DH-
• 1536bit: guarantees PFS using DH-
• 2048bit: guarantees PFS using DH-
Commit-bit
Check if Commit bit function is to be
used. The Commit bit is set at SA
establishment. When this product is a
responder, set the Commit bit.
Rekey
• Enable: IKE negotiation begins when
• Always: IKE negotiation starts after
guaranteed.
Group1
Group2
Group5
Group14
there is IPsec target traffic. Also,
rekeying is done when there is traffic
using the generated SA.
are multiple subnets
subject to IPsec, input
more than one in remote
ID.
Use a value that is smaller
than the one set at the
destination. Rekey is done
at random between from
70% to 85% of the set
lifetime.
PFS
(Perfect Forward Secrecy)
|Setting/Setting Confirmation
AES256-CBC
HMAC-SHA1-96
28800
Not specified
Disabled
Not specified
Enable
213
Advertisement
Table of Contents
