Table of Contents
Advertisement
IPSec Operation
IPSec Life Duration
mode that will be used for IPSec Perfect
Forward Security (PFS). The choices are
Disabled, Group 1, and Group 2. Group 1
uses 768-bit encryption, and Group 2 uses
1024-bit encryption. You must use exactly th
same PFS encryption mode on both ends of th
VPN tunnel.
This drop-down menu allows you to select the
level of encryption that will be applied to
packets
that are sent between the two endpoints
of a VPN tunnel.
ESP − specifies that the entire packet will be
encrypted (by the DES or 3DES algorithm, as
selected below) and authenticated (by the MD5
or SHA algorithm, as selected below).
AH − specifies that only the auth
algorithm (MD5 or SHA, as selected below)
will be used. When AH is selec
portion of packets sent between the two
endpoints of a VPN tunnel will not be
encrypted.
This is similar to the IK
described above. It is the duration, in seconds,
of the phase 2 key, after the tunnel is
established. When this time
peers will trigger the phase 2 negotiation to set
up a new phase 2 key and rebuild the tunnel.
e
e
entication
ted, the data
E Life Duration,
has past, the two
Advertisement
Table of Contents
