Digi TransPort WR31 User Manual page 449

Configure Virtual Private Networking (VPN)
MODP Group for Phase 1
Sets the key length for the IKE Diffie-Hellman exchange to 768 bits (group 1) or 1024 bits
(group 2). Normally, this option is set to group 1 and this is sufficient for normal use. For
particularly sensitive applications, you can improve security by selecting group 2 to enable a
1024 bit key length. Note however that this will slow down the process of generating the phase 1
session keys (typically from 1-2 seconds for group 1), to 4-5 seconds.
Renegotiate after h hrs m mins s secs
How long the initial IKEv2 Security Association will stay in force. When it expires any attempt to
send packets to the remote system will result in IKE attempting to establish a new SA.
Rekey after h hrs m mins s secs
When the time left until expiry for this SA reaches the value specified by this parameter, the
IKEv2 SA will be renegotiated, such as a new IKEv2 SA is negotiated and the old SA is removed.
Any IPSec child SAs that were created are retained and become children of the new SA.
Related CLI commands
Entity Instance
ike2 n
ike2 n
ike2 n
ike n
ike2 n
ike2 n
ike2 n
ike2 n
Digi TransPort WR Routers User Guide
Parameter Values
iencalg des, 3des, aes
ienkeybits 128, 192, 256
iauthalg md5, sha1, sha256
rauthalgs sha256
iprfalg md5, sha1
idhgroup 1, 2, 5
ltime 1-28800
rekeyltime 1-28800
Equivalent web parameter
Encryption
Encryption (AES Key length)
Authentication
PRF Algorithm
PRF Algorithm
MODP Group for Phase 1
Renegotiate after h hrs m mins s secs
This CLI value is entered in seconds only.
Rekey after h hrs m mins s secs
This CLI value is entered in seconds only.
IPsec parameters
449