TP-Link TL-ER6120 User Manual page 95

ESP Encryption:
List of IPsec Proposal

In this table, you can view the information of IPsec Proposals and edit them by the action buttons.
3.5.2.3 IPsec SA
This page displays the information of the IPsec SA (Security Association).
Choose the menu VPN→IPsec→IPsec SA to load the following page.
Figure 3-62 displays the connection status of the NO.1 entry in the List of IPsec policy in Figure 3-60.
As shown in the figure, the router is using WAN2 for tunnel connection, and the IP address of WAN2
and the default gateway of remote peer are 172.30.70.151 and 172.30.70.161 respectively. Security
protocol and other parameters for IPsec tunnel and the remote router should be configured the same.
As Security Association is unidirectional, an ingoing SA and an outgoing SA are created to protect data
flows for each tunnel after IPsec tunnel is successfully established. The ingoing SPI value and
outgoing SPI value are different. However, the Incoming SPI value must match the Outgoing SPI value
at the other end of the tunnel, and vice versa. The connection status on the remote endpoint of this
tunnel is as the following figure shows. The SPI value is obtained via auto-negotiation.
Select the algorithm used to encrypt the data for ESP encryption.
Options include:
NONE: Performs no encryption.
DES: DES (Data Encryption Standard) encrypts a 64-bit block of plain
text with a 56-bit key. The key should be 8 characters.
3DES: Triple DES, encrypts a plain text with 168-bit key. The key should
be 24 characters.
AES128: Uses the AES algorithm and 128-bit key for encryption. The
key should be 16 characters.
Figure 3-62 IPsec SA
-89-