Ipsec Interoperability - SnapGear VPN Router User Manual

Vpn router family

Warning:
The pre-shared secret must be entered identically at each end of the tunnel.
The IPSec tunnel will fail to connect if the pre-shared secret is not identical at both ends.
The pre-shared secret is a highly sensitive piece of information. It is essential to keep this
information secret. Communications over the IPSec tunnel may be compromised if this
information is divulged.
Automatic keying provides a mechanism for regularly changing the cryptographic keys used by the
IPSec tunnel. This regular key change results in enhanced security, since if an enemy obtains one
key, only the messages sent between the previous re-keying and the next are exposed. The Key
Lifetime is the time between consecutive re-keying events, that is, the lifetime of a key. Shorter
values offer higher security at the expense of the computational overhead necessary to calculate
new keys. The default value of 1 hour is recommended.
Checking the Enable Perfect Forward Secrecy of keys box means that an attacker who acquires
the SnapGear VPN Router's long-term key (i.e. the pre-shared secret or RSA Signature Key Private
Section) can neither read previous messages which he may have archived, nor read future messages
without performing additional successful attacks.
Perfect forward secrecy of keys provides the maximum security and is the recommended setting.
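
A simplified model of what the Perfect Forward Secrecy setting changes, added here as an illustration (it is not SnapGear code and not the actual IKE key derivation): each re-keying derives a session key from the pre-shared secret, and with PFS also from an ephemeral Diffie-Hellman exchange whose private values are discarded. The function names, the toy group and the sample secret are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group for illustration only (a 127-bit prime is far too
# small for real use; real IPSec groups use primes of 1024 bits or more).
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def rekey(psk: bytes, pfs: bool):
    """One re-keying event: returns (session_key, what an eavesdropper archived)."""
    nonces = secrets.token_bytes(32)          # visible on the wire in this model
    wire = {"nonces": nonces}
    material = nonces
    if pfs:
        a = secrets.randbelow(P - 2) + 1      # ephemeral private values,
        b = secrets.randbelow(P - 2) + 1      # never stored or transmitted
        wire["dh_public"] = (pow(G, a, P), pow(G, b, P))
        shared = pow(wire["dh_public"][1], a, P)
        material += shared.to_bytes(16, "big")
    return prf(psk, material), wire

def attacker_guess(stolen_psk: bytes, wire: dict) -> bytes:
    """Best derivation from the stolen long-term secret plus archived traffic.
    The DH shared secret is not computable from dh_public without breaking DH."""
    return prf(stolen_psk, wire["nonces"])

def exposed_intervals(psk: bytes, pfs: bool, rekeys: int) -> int:
    """Count key lifetimes whose session key the attacker can reconstruct."""
    hits = 0
    for _ in range(rekeys):
        key, wire = rekey(psk, pfs)
        if hmac.compare_digest(key, attacker_guess(psk, wire)):
            hits += 1
    return hits

if __name__ == "__main__":
    psk = b"constructed-example-secret"       # constructed sample value
    print("without PFS:", exposed_intervals(psk, False, 24), "of 24 exposed")
    print("with PFS:   ", exposed_intervals(psk, True, 24), "of 24 exposed")
```

With a 1 hour Key Lifetime, 24 re-keyings correspond to one day of traffic: in this model a stolen pre-shared secret reconstructs every session key without PFS and none with it.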

IPSec Interoperability

Please see the Support Knowledge Base (http://www.snapgear.com/knowledgebase.html) on the
SnapGear Web Site (http://www.snapgear.com/) for detailed information on successfully
establishing IPSec tunnels between your SnapGear VPN Router and other vendors' equipment.
Virtual Private Networking

This manual is also suitable for:

Soho+, Pro, Lite, Lite+
