Field Description
Depending on the hardware of your device some options may
not be available.
Use PFS Group As PFS (Perfect Forward Secrecy) requires another Diffie-
Hellman key calculation to create new encryption material, you
must select the exponentiation features. If you enable PFS (
"1), the options are the same as for the configuration of
DH Group in the VPN->IPSec->Phase-1 Profiles menu. PFS is
used to protect the keys of a renewed phase 2 SA, even if the
keys of the phase 1 SA have become known.
The following groups with their corresponding bit values are
available:
• , :!
• :!
• & :!
• :!
• &, :!
• :!
Depending on the hardware of your device some options may
not be available.
Lifetime Define how the lifetime is defined that will expire before phase 2
SAs need to be renewed.
The new SAs are negotiated shortly before expiry of the current
SAs. As for RFC 2407, the default value is eight hours, which
means the key must be renewed once eight hours have
elapsed.
The following options are available for defining the Lifetime:
• Input in Seconds: Enter the lifetime for phase 2 key in
seconds. The value can be a whole number from to
,&,. The default value is ,.
• Input in kBytes: Enter the lifetime for phase 2 keys as amount
of data processed in kBytes. The value can be a whole num-
ber from to ,&,. The default value is .
Rekey after: Specify the percentage in the course of the lifetime
14 VPN bintec elmeg GmbH
382 bintec RS Series
To Next Page
Loading...
