Table of Contents
Advertisement
Chapter 10 - Configuring VPN
Field
IPSec Proposal Settings
IPSec Encryption /
Authentication
PFS Group
Life Times
110
Description
Select one of the following pre-configured IKE proposals
from the dropdown list. If All is selected, all the pre-config-
ured proposals will be associated with existing tunnel and
one (among the set of IPSec proposals) will be selected au-
tomatically and used by IPSec to communicate with its peer.
All
Strong Encryption & Authentica-
tion (ESP 3DES HMAC SHA1)
Strong Encryption & Authentication (ESP 3DES HMAC MD5)
Encryption & Authentication (ESP DES HMAC SHA1)
Encryption & Authentication (ESP DES HMAC MD5)
Authentication (AH SHA1)
Authentication (AH MD5)
Strong Encryption (ESP 3DES)
Encryption (ESP DES)
Authentication (ESP SHA1)
Authentication (ESP MD5)
PFS stands for perfect forward secrecy. You may choose
to use the same keys (generated when the IKE tunnel is
created) for all re-negotiations or you can choose to generate
new keys for every re-negotiation. Select None to use the
same keys for all the re-negotiations. Select a specific DH
(Diffie-Hellman) group to generate new keys for every re-
negotiation. The supported DH groups are DH-1, DH-2 and
DH-5. The greater the group number, the more secure the
connection is. However, the greater the group number, the
more time it takes to negotiate a tunnel.
Note: With PFS selected, keys are changed during the
course of a connection and the tunnel is more secure.
However, enabling this option slows down the tunnel negotia-
tion.
Enter the life time of IPSec security association in seconds,
minutes, hours or days and kilo bytes. Default value is 3600
seconds and 75000 kilo bytes.
ASUS SL1200
Advertisement
Table of Contents
