Planet Networking & Communication MH-5001 User Manual page 108

MH-5001 User Manual
Key Group
Encapsulation
Active Protocol
Encryption
Algorithm
SA Life Time
Perfect Forward
Secrecy(PFS)
Step 5. Remind to add a Firewall rule
After finishing IPSec rule settings, we need to add
a firewall rule. Here system shows a window
message to remind you of adding a firewall rule.
Just press the OK button to add a firewall rule.
Choose a Diffie-Hellman public-key
cryptography key group
View only, it is set previously and can not be
edited again.
View only, it is set previously and can not be
edited again.
Choose a type of encryption and authentication
algorithm combination or singly.
Set the IPSec SA lifetime. A value of 0 means
IKE SA negotiation never times out. See Chapter
12 for details.
Enabling PFS means that the key is transient. This
extra setting will cause more security.
Table 13-5 Setup Advanced feature in the IPSec IKE rule
ADVANCED SETTINGS > VPN Settings > IPSec > IKE > Add
DH1 / DH2 / DH5
Phase2
Can not be edited
Can not be edited
Encrypt and Authenticate
(DES, MD5) /
Encrypt and Authenticate
(DES, SHA1) /
Encrypt and Authenticate
(3DES, MD5) /
Encrypt and Authenticate
(3DES, SHA1) /
Encrypt and Authenticate
(AES, MD5) /
Encrypt and Authenticate
(AES, SHA1) /
Encrypt only (DES) /
Encrypt only (3DES) /
Encrypt only (AES) /
Authenticate only (MD5)
/ Authenticate only
(SHA1)
0~86400000 sec
0~1440000 min
0~24000 hour
None / DH1 / DH2 /
DH5
105
Chapter 13
Virtual Private Network – IPSec
Tunnel
Encrypt and
Authenticate
(DES、MD5)
28800 sec
DH2
ESP
DH1