Table of Contents
Advertisement
DIR-620S Wireless N300 Router with 3G/LTE Support and
USB Port
User Manual
Parameter
First phase DHgroup
type
IKE-SA lifetime
Second phase
encryption algorithm
Authentication
algorithm
Enable PFS
Second phase
PFSgroup type
IPsec-SA lifetime
If you need to specify IP addresses of local and remote subnets for creating a tunnel, click the ADD
button (
) in the Tunneled Networks section.
A Diffie-Hellman key group for Phase 1. Select a value from the drop-
down list.
The lifetime of IKE-SA keys in seconds. After the specified period it
is required to renegotiate the keys. The value specified in this field
should exceed the value specified in the IPsec-SA lifetime field.
Specify 0 if you don't want to limit the lifetime of the keys.
The Second Phase
Select encryption algorithm from the drop-down list.
Select authentication algorithm from the drop-down list.
Move the switch to the right to enable the PFS option (Perfect
Forward Secrecy). If the switch is moved to the right, a new
encryption key exchange will be used for Phase 2. This option
increases the security level of data transfer, but increases the load on
DIR-620S.
A Diffie-Hellman key group for Phase 2. Select a value from the drop-
down list. The field is available if the Enable PFS switch is moved
to the right.
The lifetime of IPsec-SA keys in seconds. After the specified period it
is required to renegotiate the keys. Specify 0 if you don't want to limit
the lifetime of the keys.
Page 192 of 236
Configuring via Web-based Interface
Description
Advertisement
Table of Contents
