Table of Contents
Advertisement
DFL-900/1500 User Manual
Key Group
Encapsulation
Active Protocol
Encryption
Algorithm
SA Life Time
Perfect Forward
Secrecy(PFS)
Step 5.
Remind to add a Firewall rule
After finishing IPSec rule settings, we need to add
a firewall rule. Here system shows a window
message to remind you of adding a firewall rule.
Just press the OK button to add a firewall rule.
Choose
a
Diffie-Hellman
cryptography key group
View only, it is set previously and can not be
edited again.
View only, it is set previously and can not be
edited again.
Choose a type of encryption and authentication
algorithm combination or singly.
Set the IPSec SA lifetime. A value of 0 means
IKE SA negotiation never times out. See Chapter
12 for details.
Enabling PFS means that the key is transient. This
extra setting will cause more security.
Table 13-5 Setup Advanced feature in the IPSec IKE rule
ADVANCED SETTINGS > VPN Settings > IPSec > IKE > Add
Virtual Private Network – IPSec
public-key
DH1 / DH2 / DH5
Phase2
Can not be edited
Can not be edited
Encrypt and Authenticate
(DES, MD5) /
Encrypt and Authenticate
(DES, SHA1) /
Encrypt and Authenticate
(3DES, MD5) /
Encrypt and Authenticate
(3DES, SHA1) /
Encrypt and Authenticate
(AES, MD5) /
Encrypt and Authenticate
(AES, SHA1) /
Encrypt only (DES) /
Encrypt only (3DES) /
Encrypt only (AES) /
Authenticate only (MD5)
/ Authenticate only
(SHA1)
0~86400000 sec
0~1440000 min
0~24000 hour
None / DH1 / DH2 /
DH5
113
Chapter 13
DH2
Tunnel
ESP
Encrypt and
Authenticate
(DES、MD5)
28800 sec
DH1
Advertisement
Table of Contents
Troubleshooting
