BEC MX-200A User Manual page 90

4G/LTE outdoor router

Use ESP for greater security: the data is encrypted and the data origin is authenticated. With AH,
the data origin is authenticated but the data is not encrypted.
Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several
options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
• DES: Data Encryption Standard. It uses a 56-bit key.
• 3DES: Triple Data Encryption Standard. It uses a 168-bit (56*3) key.
• AES: Advanced Encryption Standard. It can use a 128-, 192- or 256-bit key.
Authentication Algorithm: Authentication establishes the integrity of the datagram and ensures it is
not tampered with in transmission. There are 3 options: Message Digest 5 (MD5) and Secure Hash
Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is
slower.
• MD5: A one-way hashing algorithm that produces a 128-bit hash.
• SHA1: A one-way hashing algorithm that produces a 160-bit hash.
Perfect Forward Secrecy: It is a public-key cryptography protocol that allows two parties to
establish a shared secret over an unsecured communication channel (i.e. over the Internet). MODP
stands for Modular Exponentiation Groups.
IPSec SA Lifetime
SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before
new encryption and authentication keys are exchanged. There are two kinds of SAs, IKE and IPSec.
IKE negotiates and establishes the SA on behalf of IPSec, and the IKE SA is used by IKE itself.
• Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range can be
from 5 to 15,000 minutes, and the default is 480 minutes.
• Phase 2 (IPSec): To negotiate and establish secure authentication. The range can be from 5 to
15,000 minutes, and the default is 60 minutes. A short SA time increases security by forcing the
two parties to update the keys. However, every time the VPN tunnel renegotiates, access
through the tunnel will be temporarily disconnected.
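The options above, applied as a pre-deployment review of a tunnel profile. This is an added example, not part of the BEC manual; the dictionary keys, the "AES-128" style option names, the severity labels and the 48-renegotiations-per-day threshold are assumptions.

```python
# Key and hash sizes, lifetime range and defaults are the ones this manual states.
KEY_BITS = {"DES": 56, "3DES": 168, "AES-128": 128, "AES-192": 192, "AES-256": 256}
HASH_BITS = {"MD5": 128, "SHA1": 160, "SHA256": 256}
LIFETIME_MIN, LIFETIME_MAX = 5, 15000      # minutes, valid for both phases
DEFAULTS = {"phase1_minutes": 480, "phase2_minutes": 60}
MAX_REKEYS_PER_DAY = 48                    # assumed threshold, not from the manual


def rekeys_per_day(lifetime_minutes):
    """How many times per day the SA expires and the tunnel renegotiates."""
    return (24 * 60) // lifetime_minutes


def review_profile(profile):
    """Return (severity, message) findings for one tunnel profile."""
    p = {**DEFAULTS, **profile}
    findings = []

    if p["protocol"] == "AH":
        findings.append(("high", "AH authenticates the origin but does not encrypt"))
    elif p["protocol"] == "ESP":
        bits = KEY_BITS.get(p["encryption"])
        if bits is None:
            findings.append(("error", f"unknown encryption {p['encryption']!r}"))
        elif bits < 128:
            findings.append(("high", f"{p['encryption']} uses only a {bits}-bit key"))
    else:
        findings.append(("error", f"unknown protocol {p['protocol']!r}"))

    if p["authentication"] not in HASH_BITS:
        findings.append(("error", f"unknown authentication {p['authentication']!r}"))
    elif p["authentication"] == "MD5":
        findings.append(("medium", "MD5 is the weakest hash offered; use SHA1 or SHA256"))

    for phase in ("phase1_minutes", "phase2_minutes"):
        minutes = p[phase]
        if not LIFETIME_MIN <= minutes <= LIFETIME_MAX:
            findings.append(("error", f"{phase}={minutes} is outside 5-15000"))
        elif rekeys_per_day(minutes) > MAX_REKEYS_PER_DAY:
            findings.append(("info", f"{phase}: {rekeys_per_day(minutes)} "
                             "renegotiations/day, each briefly drops the tunnel"))
    return findings


# Constructed sample profiles (not taken from a real device).
WEAK = {"protocol": "ESP", "encryption": "DES", "authentication": "MD5",
        "phase2_minutes": 5}
STRONG = {"protocol": "ESP", "encryption": "AES-256", "authentication": "SHA256"}

if __name__ == "__main__":
    for name, prof in (("weak", WEAK), ("strong", STRONG)):
        print(name, review_profile(prof))
```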
IPSec Connection Keep Alive
Keep Alive:
• None: Disabled. The system will not detect whether the remote IPSec peer is still alive or lost.
The remote peer will get disconnected after the interval, in seconds, is up.
• PING: This mode detects whether the remote IPSec peer has been lost by pinging a specified IP
address.
• DPD: Dead peer detection (DPD) is a keep-alive mechanism that enables the router to be
BEC MX-200A ODU User Manual
Device Configuration
VPN – IPSec