Encryption: Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the drop-down list. This method determines the algorithm used to encrypt or decrypt ESP/ISAKMP packets.
Authentication: Select an authentication method (MD5, SHA1, or SHA2-256).
SA Lifetime (Sec): Amount of time a VPN tunnel (IPSec SA) is active in this phase. The default value for Phase 2 is 3600 seconds.
Perfect Forward Secrecy: Check Enable to enable perfect forward secrecy.
Diffie-Hellman (DH) Group: DH is a key exchange protocol, with two groups of different prime key lengths, 1,024 and 1,536 bits. Select an option from the drop-down list.
Step 7 For Manual Keying Mode, configure the following:
IPSec Configurations
Security Parameter Index (SPI) Incoming: Enter a number (Range 100 to FFFFFFFF, Default 100). The SPI is an identification tag added to the header while using IPSec for tunneling the IP traffic. This tag helps the kernel discern between the two traffic streams where different encryption rules and algorithms may be in use.
SPI Outgoing: Enter a number (Range 100 to FFFFFFFF, Default 100).
Encryption: Select an encryption option (3DES, AES-128, AES-192, or AES-256) from the drop-down list. This method determines the algorithm used to encrypt or decrypt ESP/ISAKMP packets.
Key-In: Enter a number (Hex, 48 characters). Key for decrypting received ESP packets, in hex format.
Key-Out: Enter a number (Hex, 48 characters). Key for encrypting the plain packets, in hex format.
Authentication: The authentication method determines how the Encapsulating Security Payload Protocol (ESP) header packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA1 is a one-way hashing algorithm that produces a 160-bit digest. SHA1 is recommended because it is more secure. Make sure that both ends of the VPN tunnel use the same authentication method. Select an authentication method (MD5, SHA1, or SHA2-256).
Key-In: Enter a number (Hex, 32 characters). Key for decrypting received ESP packets, in hex format.
Key-Out: Enter a number (Hex, 32 characters). Key for encrypting the plain packets, in hex format.
Step 8 Select an IPSec profile and click Edit or Delete.
Step 9 To clone an existing profile, select a profile, and click Clone.
Step 10 Click Apply.
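The following Python sketch is an added example, not part of the Cisco guide or the router's software. It checks the Manual Keying fields from Step 7 for both ends of a tunnel before they are typed in. The dictionary field names and the helper functions are hypothetical, the SPI range is read as hexadecimal, and it assumes the usual manual-keying pairing in which each end's SPI Outgoing and Key-Out equal the peer's SPI Incoming and Key-In.

```python
import re
import secrets

ENC_KEY_HEX, AUTH_KEY_HEX = 48, 32    # key lengths the guide gives, in hex characters
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF  # guide's SPI range, read here as hexadecimal
KEY_FIELDS = {"enc_key_in": ENC_KEY_HEX, "enc_key_out": ENC_KEY_HEX,
              "auth_key_in": AUTH_KEY_HEX, "auth_key_out": AUTH_KEY_HEX}

def new_key(hex_chars):
    """Random key of the requested hex length, drawn from the OS CSPRNG."""
    return secrets.token_hex(hex_chars // 2)

def check_end(cfg):
    """Format and range problems in one end's fields (hypothetical field names)."""
    problems = []
    for name in ("spi_in", "spi_out"):
        if not re.fullmatch(r"[0-9A-Fa-f]{1,8}", cfg[name]):
            problems.append(f"{name}: not a hex number of up to 8 digits")
        elif not SPI_MIN <= int(cfg[name], 16) <= SPI_MAX:
            problems.append(f"{name}: outside 100-FFFFFFFF")
    for name, length in KEY_FIELDS.items():
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, cfg[name]):
            problems.append(f"{name}: need exactly {length} hex characters")
    return problems

def check_pair(a, b):
    """Mismatches between ends: same algorithms, each 'out' equals the peer's 'in'."""
    norm = lambda s: s.lower().lstrip("0")  # ignore case and leading zeros
    problems = [f"{alg}: ends differ" for alg in ("encryption", "authentication")
                if a[alg] != b[alg]]
    for field in ("spi", "enc_key", "auth_key"):
        for src, dst, label in ((a, b, "A to B"), (b, a, "B to A")):
            if norm(src[f"{field}_out"]) != norm(dst[f"{field}_in"]):
                problems.append(f"{field} {label}: out value differs from peer's in value")
    return problems

def mirror(cfg):
    """Derive the peer's settings by swapping every in/out pair."""
    peer = dict(cfg)
    for field in ("spi", "enc_key", "auth_key"):
        peer[f"{field}_in"], peer[f"{field}_out"] = cfg[f"{field}_out"], cfg[f"{field}_in"]
    return peer

# Constructed sample: end A with fresh random keys, end B derived from it.
SITE_A = {"encryption": "AES-192", "authentication": "SHA1",
          "spi_in": "1A2B", "spi_out": "1A2C",
          "enc_key_in": new_key(ENC_KEY_HEX), "enc_key_out": new_key(ENC_KEY_HEX),
          "auth_key_in": new_key(AUTH_KEY_HEX), "auth_key_out": new_key(AUTH_KEY_HEX)}
SITE_B = mirror(SITE_A)
```

Copying end A's values to end B unchanged, instead of mirroring them, is the mistake `check_pair` is written to catch.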
RV260x Administration Guide
VPN
IPSec Profiles