Billion BiPAC 7404V(G)OX/V(G)PX User Manual page 124

method.
AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as
encryption method.
Perfect Forward Secrecy: Choose whether to enable PFS using Diffie-Hellman public-key
cryptography to change encryption keys during the second phase of VPN negotiation. This function
cryptography protocol that allows two parties to establish a shared secret over an unsecured
communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP
1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
SA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before
new encryption and authentication key will be exchanged. There are two kinds of SAs, IKE and
IPSec. IKE negotiates and establishes SA on behalf of IPSec, an IKE SA is used by IKE.
Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range can
be from 5 to 15,000 minutes, and the default is 480 minutes.
Phase 2 (IPSec): To negotiate and establish secure authentication. The range can be from 5
to 15,000 minutes, and the default is 60 minutes.
A short SA time increases security by forcing the two parties to update the keys. However, every
time the VPN tunnel re-negotiates, access through the tunnel will be temporarily disconnected.
PING for Keep Alive:
None: The default setting is None. To this mode, it will not detect the remote IPSec peer has
been lost or not. It only follows the policy of Disconnection time after no traffic, which the
remote IPSec will be disconnected after the time you set in this function.
PING: This mode will detect the remote IPSec peer has lost or not by pinging specify IP
address.
DPD: Dead peer detection (DPD) is a keeping alive mechanism that enables the router to be
detected lively when the connection between the router and a remote IPSec peer has lost.
Please be noted, it must be enabled on the both sites.
PING to the IP: It is able to IP Ping the remote PC with the specified IP address and alert when
the connection fails. Once alter message is received, Router will drop this tunnel connection.
Reestablish of this connection is required. Default setting is 0.0.0.0 which disables the function.
Interval: This sets the time interval between Pings to the IP function to monitor the connection
status. Default interval setting is 10 seconds. Time interval can be set from 0 to 3600 second, 0
second disables the function.
Ping to the IP
0.0.0.0
0.0.0.0
xxx.xxx.xxx.xxx (A valid IP Address)
xxx.xxx.xxx.xxx(A valid IP Address)
Disconnection Time after no traffic: It is the NO Response time clock. When no traffic stage time
is beyond the Disconnection time set, Router will automatically halt the tunnel connection and
reestablish it base on the Reconnection Time set. 180 seconds is minimum time interval for this
function.
Interval (sec)
0
2000
0
2000
119
Ping to the IP Action
No
No
No
Yes, activate it in every 2000
second.