VPN Tunnel Configuration Parameters; Table 10.4. VPN Tunnel Configuration Parameter - Asus Internet Security Router User Manual

Internet Security Router User's Manual
Default lifetime
The default lifetime for the pre-configured IKE proposals and IPSec proposals is 3600 seconds (one hour). For a
new IKE proposal or IPSec proposal, it is recommended to set a lifetime value greater than 600 seconds. This
avoids frequent re-keying, which would unnecessarily burden the system.
Limits for key length
The maximum key length for the pre-shared key, cipher key and authentication key is 50 characters. If the cipher
key is longer than the length specified by the encryption algorithm, the key is truncated to the
appropriate length.
Priority of the connections
The allow-ike-io default rule has the highest priority (1). The allow-all default rule has the lowest priority. It is
recommended to maintain this priority at all times. If you add connections below the allow-all rule (lower
priority), they will have no effect, because the corresponding packets will match the allow-all rule and pass
without encryption.
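
The shadowing described above can be checked offline against a copy of the rule list. The following Python is an added example, not code from the manual or the router: it models the rule list as first-match entries and reports tunnel rules that sit below a broader non-encrypting rule. The field names, the networks and every rule name other than allow-ike-io and allow-all are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    priority: int   # 1 is the highest priority and is checked first
    name: str
    src: str        # source network (CIDR)
    dst: str        # destination network (CIDR)
    service: str    # "ike" or "any"
    action: str     # "encrypt" (tunnel) or "allow" (forwarded without encryption)

# Constructed rule list; only allow-ike-io and allow-all are names from the manual.
RULES = [
    Rule(1, "allow-ike-io", "0.0.0.0/0", "0.0.0.0/0", "ike", "allow"),
    Rule(2, "hq-to-branch", "192.168.1.0/24", "192.168.2.0/24", "any", "encrypt"),
    Rule(3, "allow-all", "0.0.0.0/0", "0.0.0.0/0", "any", "allow"),
    Rule(4, "hq-to-lab", "192.168.1.0/24", "192.168.3.0/24", "any", "encrypt"),
]

def covers(outer, inner):
    """True if every packet that matches `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (outer.service in ("any", inner.service)
            and net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst)))

def first_match(rules, src, dst, service="data"):
    """Return the rule a packet hits when rules are walked in priority order."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.service in ("any", service)
                and ip(src) in net(r.src) and ip(dst) in net(r.dst)):
            return r
    return None

def shadowed_tunnels(rules):
    """List (tunnel rule, shadowing rule) pairs: encrypt rules that never
    match because a higher-priority non-encrypt rule covers their traffic."""
    ordered = sorted(rules, key=lambda r: r.priority)
    findings = []
    for i, r in enumerate(ordered):
        for earlier in ordered[:i]:
            if (r.action == "encrypt" and earlier.action != "encrypt"
                    and covers(earlier, r)):
                findings.append((r.name, earlier.name))
                break
    return findings
```

In the constructed list, hq-to-lab is reported as shadowed by allow-all, while hq-to-branch, which sits above allow-all, still matches its own traffic.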
Important:
Note that these pre-configured Proposals/Connections are read-only and cannot be modified. If you have to
specify a proposal (other than the default), you should add a new one via the VPN configuration page. This
way you can control the proposals that become part of a connection.
Note: For the negotiation to succeed, the peer gateway should also be configured with matching parameters.
However, any specific proposal can be chosen if needed.
This chapter includes the procedure to configure the Access List through the GUI:
- Basic Access List Configuration
  - Access List using IKE
  - Access List using Manual Keys
- Advanced Access List Configuration
  - Access List using IKE
  - Access List using Manual Keys

10.2 VPN Tunnel Configuration Parameters

Table 10.4 describes all the VPN tunnel configuration parameters available for various VPN configurations.

Table 10.4. VPN Tunnel Configuration Parameter

Options: Description

VPN Connection Settings

ID
  Add New: Click on this option to add a new VPN rule.
  Rule number: Select a rule from the drop-down list to modify its attributes.
Name: Enter a unique name, preferably a meaningful name that signifies the tunnel connection. Note that only alphanumeric characters are allowed in this field.
Enable: Select this radio button to enable this rule (default).
Disable: Select this radio button to disable this rule.
Move to: This option allows you to set a priority for this rule. The VPN service in the Internet Security Router acts on packets based on the priority of the rule, with 1 being the highest priority. Set a priority by selecting from the drop-down list for its position in the list of rules:

Chapter 10. Configuring VPN

This manual is also suitable for:

Sl1000Tv box