113
entering the pre-shared key into both sides (router or hosts).
Local ID Type and Remote ID Type
: When the mode of phase 1 is aggressive, Local and Remote
peers can be identified by other IDs.
ID content
: Enter ID content the name you want to identify when the Local and Remote Type are
Domain Name
: Enter ID content IP address you want to identify when the Local and Remote Type are
IP addresses (IPv4 and IPv6 supported).
Phase 1
Mode
: Select IKE mode from the drop-down menu: Main or Aggressive. This IKE provides secured
key generation and key management.
Encryption Algorithm
: Select the encryption algorithm from the drop-down menu. There are several
options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
i
DES: Stands for Triple Data Encryption Standard, it uses 56 bits as an encryption method.
i
3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an
encryption method.
i
AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as
encryption method.
Integrity Algorithm
: Authentication establishes the integrity of the datagram and ensures it is not
tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash Algorithm
(SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower.
i
MD5: A one-way hashing algorithm that produces a 128
−
bit hash.
i
SHA1: A one-way hashing algorithm that produces a 160
−
bit hash.
DH Group:
It is a public-key cryptography protocol that allows two parties to establish a shared secret
over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular
Exponentiation Groups.
SA Lifetime
: Specify the number of minutes that a Security Association (SA) will stay active before
new encryption and authentication key will be exchanged. Enter a value to issue an initial connection
request for a new VPN tunnel. Default is 480 minutes (28800 seconds). A short SA time increases
security by forcing the two parties to update the keys. However, every time when the VPN tunnel re-
negotiates, access through the tunnel will be temporarily disconnected.
Phase 2
Encryption Algorithm
: Select the encryption algorithm from the drop-down menu. There are several
options: 3DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.
Integrity Algorithm
: Authentication establishes the integrity of the datagram and ensures it is not
tampered with in transmit. There are 2 options: Message Digest 5 (MD5) and Secure Hash Algorithm
(SHA1). SHA1 is more resistant to brute-force attacks than MD5. However, it is slower.
DH Group
: It is a public-key cryptography protocol that allows two parties to establish a shared secret
over an unsecured communication channel (i.e. over the Internet). MODP stands for Modular
Exponentiation Groups.
IPSec Lifetime
: Specify the number of minutes that IPSec will stay active before new encryption
and authentication key will be exchanged. Enter a value to negotiate and establish secure
authentication. Default is 60 minutes (3600 seconds). A short time increases security by forcing the
two parties to update the keys. However, every time when the VPN tunnel re- negotiates, access
through the tunnel will be temporarily disconnected.
Ping for Keep Alive
: Select the operation methods:
i
None: The default setting is “None”. To this mode, it will not detect the remote IPSec peer
has been lost or not. It only follows the policy of Disconnection time after no traffic, which
the remote IPSec will be disconnected after the time you set in this function.
i
DPD: Dead peer detection (DPD) is a keeping alive mechanism that enables the router to
be detected lively when the connection between the router and a remote IPSec peer has
lost.
19216811.live