Table of Contents
Advertisement
Table 37 IPSec VPN: Add
LABEL
SA Life Time
Perfect
Forward
Secrecy (PFS)
DPD Active
13.2.3 The Monitor Screen
The following figure helps explain the main fields in the web configurator.
Click Security > VPN > Monitor to open this screen as shown next.
Figure 50 Monitor
This screen contains the following fields:
Table 38 Monitor
LABEL
#
Status
Tunnel Name
IPSec Algorithm
Refresh
LTE6100 User's Guide
DESCRIPTION
Define the length of time before an IPSec SA automatically renegotiates in this
field.
A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
Select whether or not you want to enable Perfect Forward Secrecy (PFS)
PFS changes the root key that is used to generate encryption keys for each IPSec
SA. The longer the key, the more secure the encryption, but also the longer it
takes to encrypt and decrypt information. Both routers must use the same DH
key group. Choices are:
Diffie-Hellman Group2 - use a 1024-bit random number
Diffie-Hellman Group5 - use a 1536-bit random number
Diffie-Hellman Group14 - use a 2048-bit random number
Select the Dead Peer Detection (DPD) Active check box if you want the LTE
Device to make sure the remote IPSec router is there before it transmits data
through the IKE SA. The remote IPSec router must support DPD. If the remote
IPSec router does not respond, the LTE Device shuts down the IKE SA.
If the remote IPSec router does not support DPD, see if you can use the VPN
connection connectivity check.
DESCRIPTION
This is the VPN policy index number.
This displays if the VPN policy is connected.
Enter the name of the VPN connection.
This displays the encryption algorithm being used for the VPN connection.
Click this button to refresh the information on the screen.
Chapter 13 VPN
91
Advertisement
Table of Contents
