NETGEAR SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Reference Manual page 178
Gigabit quad wan ssl vpn firewall
Hide thumbs
Also See for SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall:
- Configuration manual (8 pages) ,
- Use manual (9 pages) ,
- Network setup manual (8 pages)
Table of Contents
Advertisement
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Table 5-12. Add VPN Policy Settings (continued)
Item
Auto Policy Parameters
Note: These fields apply only when you select Auto Policy as the policy type.
SA Lifetime
Encryption Algorithm
Integrity Algorithm
PFS Key Group
Select IKE Policy
5. Click Apply to save your settings. The VPN policy is added to the List of VPN Policies table.
5-36
Description (or Subfield and Description)
The lifetime of the security association (SA) is the period or the amount of
transmitted data after which the SA becomes invalid and must be
renegotiated. From the drop-down list, select how the SA lifetime is
specified:
• Seconds. In the SA Lifetime field, enter a period in seconds. The minimum
value is 300 seconds. The default value is 3600 seconds.
• KBytes. In the SA Lifetime field, enter a number of kilobytes. The
minimum value is 1920000 KB.
From the drop-down list, select one of the following five algorithms to
negotiate the security association (SA):
• DES. Data Encryption Standard (DES).
• 3DES. Triple DES. This is the default algorithm.
• AES-128. Advanced Encryption Standard (AES) with a 128-bits key size.
• AES-192. AES with a 192-bits key size.
• AES-256. AES with a 256-bits key size.
From the drop-down list, select one of the following two algorithms to be
used in the VPN header for the authentication process:
• SHA-1. Hash algorithm that produces a 160-bit digest. This is the default
setting.
• MD5. Hash algorithm that produces a 128-bit digest.
Select this check box to enable Perfect Forward Secrecy (PFS), and then
select a Diffie-Hellman (DH) group from the drop-down list. The DH Group
sets the strength of the algorithm in bits. The higher the group, the more
secure the exchange. From the drop-down list, select one of the following
three strengths:
• Group 1 (768 bit).
• Group 2 (1024 bit). This is the default setting.
• Group 5 (1536 bit).
Select an existing IKE policy that defines the characteristics of the Phase-1
negotiation. Click the View Selected button to display the selected IKE
policy.
Virtual Private Networking Using IPsec Connections
v1.0, April 2010
Advertisement
Table of Contents
Troubleshooting
