NEC ZA-SA3500G Function Manual page 221


communicate on the IPsec SA in Kbytes.

PFS (Perfect Forward Secrecy)
• Disable: PFS is not guaranteed.
• 768bit: guarantees PFS using DH-Group1.
• 1024bit: guarantees PFS using DH-Group2.
• 1536bit: guarantees PFS using DH-Group5.
• 2048bit: guarantees PFS using DH-Group14.

Rekey
• Enable: IKE negotiation begins when there is IPsec target traffic. Also, rekeying is done when there is traffic using the generated SA.
• Always: IKE negotiation starts after the IP address of this product's WAN interface is set, regardless of the existence of traffic of the IPsec target. Moreover, rekeying is done regardless of the existence of traffic using the generated SA.
• No Rekey: IKE negotiation starts when traffic of the IPsec target is generated. In this mode, no rekeying is done.

Rekey Remaining Time(sec)
Rekey Automatic update of SA starts when the remaining time (sec) becomes less than the specified value (30 to 345600 seconds).

[Note]
The priority between the IPsec remote ID and the static routing settings is as follows.
If the VPN operation mode is policy based, a static route is automatically registered when the remote ID of IKE Phase 2 is registered. This route takes priority over normal static routes. Routes to the local ID of IKE Phase 2 are not automatically registered as static routes, so IPv4 routing settings need to be added.
* The above describes IKEv1, but the same applies to the local traffic selector and remote traffic selector set in the IKEv2 IKE_AUTH exchange.
Setting/Setting Confirmation
Disabled
Enable
Not Set
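
The following added example (not from the NEC manual, and not a device API) audits the PFS, Rekey and Rekey Remaining Time settings described above and models the rekey decision for the three Rekey modes. The dict layout, function names and sample values are assumptions; the DH group ratings are the requirement levels from RFC 8247.

```python
# Added example: audit of IPsec Phase 2 settings named as on this manual page.
# The dict layout and function names are hypothetical, not a device API.

# PFS option -> (DH group from the manual, RFC 8247 requirement level)
PFS_GROUPS = {
    "768bit": (1, "MUST NOT"),
    "1024bit": (2, "SHOULD NOT"),
    "1536bit": (5, "SHOULD NOT"),
    "2048bit": (14, "MUST"),
}
REKEY_MODES = ("Enable", "Always", "No Rekey")
REMAINING_MIN, REMAINING_MAX = 30, 345600  # range given in the manual


def should_rekey(mode, remaining_sec, threshold_sec, sa_carried_traffic):
    """Rekey decision as the manual describes the three Rekey modes."""
    if mode not in REKEY_MODES:
        raise ValueError(f"unknown Rekey mode: {mode!r}")
    if mode == "No Rekey" or remaining_sec >= threshold_sec:
        return False
    # "Enable" rekeys only if the SA was used; "Always" ignores traffic.
    return mode == "Always" or sa_carried_traffic


def audit(settings):
    """Return a list of findings for one tunnel's settings."""
    findings = []
    pfs = settings["PFS"]
    if pfs == "Disable":
        findings.append("PFS disabled: PFS is not guaranteed")
    elif pfs in PFS_GROUPS:
        group, level = PFS_GROUPS[pfs]
        if level != "MUST":
            findings.append(f"PFS uses DH-Group{group} (RFC 8247: {level})")
    else:
        findings.append(f"unknown PFS value: {pfs!r}")
    threshold = settings.get("Rekey Remaining Time(sec)")  # None = Not Set
    if threshold is not None:
        if not REMAINING_MIN <= threshold <= REMAINING_MAX:
            findings.append("Rekey Remaining Time outside 30 to 345600 sec")
        # Inference from the mode description: nothing for the threshold to act on.
        if settings["Rekey"] == "No Rekey":
            findings.append("Rekey Remaining Time set, but mode never rekeys")
    return findings


# Constructed sample settings, not taken from a real device.
SAMPLE = {"PFS": "1024bit", "Rekey": "No Rekey", "Rekey Remaining Time(sec)": 10}
```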