SA Monitor - Nortel BSR222 Configuration

Business secure router

244 Chapter 13 VPN
NN47922-500

Table 59 VPN Branch Office Advanced Rule Setup

| Label | Description |
| --- | --- |
| SA Life Time | Define the length of time before an IKE SA automatically renegotiates in this field. It can range from 60 to 3 000 000 seconds (almost 35 days). A short SA life time increases security by forcing the two VPN switches to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. |
| Encapsulation | Select Tunnel mode or Transport mode from the drop-down list. The Business Secure Router's encapsulation mode must be identical to the remote VPN switch. Tunnel is compatible with NAT; Transport is not. |
| Perfect Forward Secrecy (PFS) | Perfect Forward Secrecy (PFS) is disabled (None) by default in phase 2 IPSec SA setup. This allows faster IPSec setup, but is not as secure. Choose from DH1, DH2, or DH5 to enable PFS. DH1 refers to Diffie-Hellman Group 1, a 768-bit random number. DH2 refers to Diffie-Hellman Group 2, a 1 024-bit (1Kb) random number (more secure, yet slower). DH5 refers to Diffie-Hellman Group 5, a 1 536-bit random number. |
| Apply | Click Apply to temporarily save the settings and return to the VPN - Branch Office Rule Setup screen. The advanced settings are saved to the Business Secure Router if you click Apply in the VPN - Branch Office Rule Setup screen. |
| Cancel | Click Cancel to return to the VPN Branch Office screen without saving your changes. |

SA Monitor

In the WebGUI, click VPN and the SA Monitor tab. Use this screen to display and manage all of the active VPN connections (IPSec sessions).
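The constraints Table 59 places on SA Life Time, Encapsulation and PFS can be checked before a rule is applied. The following is an added example, not code from Nortel or the BSR222; the dictionary keys, the function names and the sample rules are assumptions made for illustration, since the router exposes these fields only through its WebGUI.

```python
# Added example: audit one branch-office rule against the Table 59 constraints.
# Key names ("sa_life_time", "encapsulation", "pfs") are hypothetical.
SA_LIFE_MIN, SA_LIFE_MAX = 60, 3_000_000      # seconds, range given in Table 59
PFS_CHOICES = ("None", "DH1", "DH2", "DH5")   # values offered in the drop-down


def rekeys_per_day(sa_life_time):
    """How often the tunnel renegotiates (and users are briefly disconnected)."""
    return 86_400 / sa_life_time


def audit_rule(local, remote, nat_in_path=False):
    """Return a list of findings for the local rule versus the remote peer."""
    findings = []
    life = local["sa_life_time"]
    if not SA_LIFE_MIN <= life <= SA_LIFE_MAX:
        findings.append(f"SA Life Time {life}s is outside {SA_LIFE_MIN}-{SA_LIFE_MAX}s")
    enc = local["encapsulation"]
    if enc not in ("Tunnel", "Transport"):
        findings.append(f"unknown encapsulation mode {enc!r}")
    elif enc != remote["encapsulation"]:
        findings.append("encapsulation mode differs from the remote VPN switch")
    if enc == "Transport" and nat_in_path:
        findings.append("Transport mode is not compatible with NAT")
    pfs = local["pfs"]
    if pfs not in PFS_CHOICES:
        findings.append(f"unknown PFS setting {pfs!r}")
    elif pfs == "None":
        findings.append("PFS is disabled (None): faster phase 2 setup, less secure")
    return findings


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real device.
    remote = {"encapsulation": "Tunnel"}
    weak = {"sa_life_time": 30, "encapsulation": "Transport", "pfs": "None"}
    good = {"sa_life_time": 28_800, "encapsulation": "Tunnel", "pfs": "DH5"}
    for name, rule in (("weak", weak), ("good", good)):
        issues = audit_rule(rule, remote, nat_in_path=True)
        print(name, "->", issues or "no findings")
    print("rekeys per day at 28800s:", rekeys_per_day(28_800))
```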
