Vantage CNM 2.0 User's Guide
11.1.17 Perfect Forward Secrecy (PFS)
Enabling PFS means that the key is transient. The key is thrown away and replaced by a brand
new key using a new Diffie-Hellman exchange for each new IPSec SA setup. With PFS
enabled, if one key is compromised, previous and subsequent keys are not compromised,
because subsequent keys are not derived from previous keys. The (time-consuming) Diffie-
Hellman exchange is the trade-off for this extra security.
This may be unnecessary for data that does not require such security, so PFS is disabled
(None) by default in the ZyXEL device. Disabling PFS means new authentication and
encryption keys are derived from the same root secret (which may have security implications
in the long run) but allows faster SA setup (by bypassing the Diffie-Hellman key exchange).
11.1.18 Pre-Shared Key
A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is
called pre-shared because you have to share it with another party before you can communicate
with them over a secure connection.
11.2 VPN Tunnel Summary
Select a device and then click Configuration > VPN.
Figure 73 Configuration > VPN
The following table describes the labels in this screen.
Table 56 Configuration > VPN
LABEL
Index
Name
155
DESCRIPTION
This is the VPN policy index number
This field displays the identification name for this VPN policy.
Chapter 11 Configuration > VPN