DIR-853 AC1300 MU-MIMO Wi-Fi Gigabit Router
with 3G/LTE Support and USB Port 3.0
User Manual
Configuring via Web-based Interface
Figure 153. The page for adding an IPsec tunnel. The First Phase / The Second Phase sections.
Parameter Description
The First Phase
First phase
encryption algorithm
Select encryption algorithm from the drop-down list.
Hashing algorithm
Select hashing algorithm from the drop-down list.
First phase DHgroup
type
A Diffie-Hellman key group for Phase 1. Select a value from the drop-
down list.
IKE-SA lifetime
The lifetime of IKE-SA keys in seconds. After the specified period it is
required to renegotiate the keys. The value specified in this field
should exceed the value specified in the IPsec-SA lifetime field.
Specify 0 if you don't want to limit the lifetime of the keys.
The Second Phase
Second phase
encryption algorithm
Select encryption algorithm from the drop-down list.
Authentication
algorithm
Select authentication algorithm from the drop-down list.
Enable PFS
Move the switch to the right to enable the PFS option (Perfect
Forward Secrecy). If the switch is moved to the right, a new
encryption key exchange will be used for Phase 2. This option
increases the security level of data transfer.
Second phase
PFSgroup type
A Diffie-Hellman key group for Phase 2. Select a value from the drop-
down list. The field is available if the Enable PFS switch is moved
to the right.
Page 187 of 228
To Next Page
Loading...
