Virtual Private Network > Connections
Virtual Private Network
222
RM GUI HiSecOS EAGLE20/30
Release
3.0
09/2015
Re-Authentication Activates/deactivates peer re-authentication after an IKE-SA re-key.
When you set the "Version" to
IKEv1
, then the device always re-
authenticates the VPN tunnel, even when you unmark the checkbox..
Possible values:
marked
The device creates a new IKE-SA and attempts to recreate the IPsec
SAs.
unmarked
(default setting)
When using
IKEv2
, the device re-keys the VPN tunnel and retains the
IPsec SAs.
IPSec Key
agreement
Specifies which Diffie-Hellman key agreement algorithm the device uses for
establishing the IPsec-SA session key establishment.
Possible values:
any
With this value selected the device accepts every algorithm when
specified as the responder and various pre-defined algorithm when
specified as the initiator.
modp1024
(default setting)
The value represents a Rivest, Shamir, and Adleman (RSA) algorithm
with 1024 bits modulus which is Diffie-Hellman Group 2.
modp1536
The value represents an RSA with 1536 bits modulus which is Diffie-
Hellman Group 5.
modp2048
The value represents an RSA with 2048 bits modulus which is Diffie-
Hellman Group 14.
modp3072
The value represents an RSA with 3072 bits modulus which is Diffie-
Hellman Group 15.
modp4096
The value represents an RSA with 4096 bits modulus which is Diffie-
Hellman Group 16.
none
The value disables Perfect Forward Secrecy (PFS). With PFS enabled,
if a compromise of a single key occurs, then the integrity remains for
subsequently generated keys.
Parameters Meaning
To Next Page
Loading...