security, so that the data is encrypted and its origin is authenticated; with AH the data origin is
authenticated but the data itself is not encrypted.
Encryption Algorithm: Select the encryption algorithm from the drop-down menu. The options are DES, 3DES
and AES (128-, 192- or 256-bit keys). 3DES and AES are stronger than DES but add latency.
• DES: Data Encryption Standard, a block cipher with a 56-bit key. A 56-bit key can be brute-forced with
commodity hardware, so DES should not be used for new tunnels.
• 3DES: Triple Data Encryption Standard, which applies DES three times with a 168-bit (3 x 56) key. Its
effective strength is about 112 bits and it keeps the 64-bit DES block size; prefer AES where the peer
supports it.
• AES: Advanced Encryption Standard, with a 128-, 192- or 256-bit key.
Authentication Algorithm: The authentication algorithm protects the integrity of each datagram and detects
tampering in transit. There are 3 options: Message Digest 5 (MD5) and Secure Hash Algorithm (SHA1, SHA256).
SHA1 is more resistant to attack than MD5 but slower; SHA256 is the strongest of the three and should be
preferred where both peers support it.
• MD5: A one-way hash function that produces a 128-bit digest. Collisions are practical and it is no longer
recommended for new tunnels.
• SHA1: A one-way hash function that produces a 160-bit digest.
• SHA256: A one-way hash function that produces a 256-bit digest.
Perfect Forward Secrecy: When PFS is enabled, each IPSec SA is keyed by a fresh Diffie-Hellman exchange
rather than by material derived from the phase 1 (IKE) exchange, so compromise of a long-term key or of one
SA's keys does not expose the traffic of past or future SAs. Diffie-Hellman is the public-key protocol that
lets two parties establish a shared secret over an unsecured channel (i.e. over the Internet); the group
selected here sets the size of that exchange. MODP stands for Modular Exponentiation Group, a Diffie-Hellman
group over a prime field; larger groups are stronger but slower to negotiate.
SA Lifetime: Specify the number of minutes that a Security Association (SA) stays active before new
encryption and authentication keys are negotiated. The range is 5 to 15,000 minutes, and the default is 60
minutes. A short SA lifetime increases security by forcing the two parties to refresh their keys more often.
However, every time the VPN tunnel re-negotiates, access through the tunnel is briefly interrupted.
Keep Alive:
• None: The default setting is None. In this mode the router does not detect whether the remote IPSec peer
has been lost; it only applies the Disconnection time after no traffic policy, so the tunnel is torn down
after the idle time you set there.
• DPD: Dead Peer Detection (DPD) is a keep-alive mechanism that lets the router detect when the connection
to a remote IPSec peer has been lost. Note that it must be enabled on both sides.
Detection Interval: The interval between dead peer detection probes.
Idle Timeout: Automatically disconnect the IPSec connection after the DPD timeout expires.
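As an added example, not part of the router manual, the following Python script lints a tunnel policy built from the fields above (protocol, encryption, authentication, PFS group, SA lifetime, keep-alive) and reports the weak choices next to a hardened profile. The IpsecPolicy class, the field names, the Diffie-Hellman group names (MODP1024, MODP2048) and the 15-minute and 24-hour lifetime thresholds are assumptions made for this example; the algorithm lists and the 5 to 15,000 minute range are taken from the page.

```python
# Added example, not from the router manual: lint an IPSec policy built from
# the fields described above. IpsecPolicy, the DH group names and the
# lifetime thresholds are assumptions; algorithm lists and the 5..15000
# minute range come from the page.
from dataclasses import dataclass
from typing import List, Optional

# Encryption options on the page and their key sizes in bits.
ENCRYPTION_KEY_BITS = {"DES": 56, "3DES": 168, "AES128": 128,
                       "AES192": 192, "AES256": 256}
# Authentication options on the page and their digest sizes in bits.
HASH_BITS = {"MD5": 128, "SHA1": 160, "SHA256": 256}
# SA lifetime limits and default stated on the page, in minutes.
SA_LIFETIME_MIN, SA_LIFETIME_MAX, SA_LIFETIME_DEFAULT = 5, 15000, 60
# Diffie-Hellman groups treated as too small (assumption: 1024-bit MODP or less).
WEAK_PFS_GROUPS = {"MODP768", "MODP1024"}


@dataclass
class IpsecPolicy:
    protocol: str                 # "ESP" or "AH"
    encryption: Optional[str]     # key of ENCRYPTION_KEY_BITS; None for AH
    authentication: str           # key of HASH_BITS
    pfs_group: Optional[str]      # e.g. "MODP2048"; None means PFS off
    sa_lifetime_min: int          # minutes
    keep_alive: str               # "None" or "DPD"
    dpd_interval_s: int = 0       # DPD detection interval in seconds


def check_ipsec_policy(p: IpsecPolicy) -> List[str]:
    """Return a list of findings; an empty list means no weak settings."""
    findings: List[str] = []

    # Protocol and cipher: AH never encrypts, ESP encrypts only if a cipher is set.
    if p.protocol == "AH":
        findings.append("AH authenticates the payload but does not encrypt it; "
                        "use ESP when confidentiality is required")
    elif p.protocol == "ESP":
        if p.encryption is None:
            findings.append("ESP without an encryption algorithm gives integrity only")
        elif p.encryption not in ENCRYPTION_KEY_BITS:
            findings.append(f"unknown encryption algorithm {p.encryption!r}")
        elif p.encryption == "DES":
            findings.append("DES: 56-bit key is brute-forceable; use AES")
        elif p.encryption == "3DES":
            findings.append("3DES: ~112-bit effective strength and 64-bit block; "
                            "prefer AES")
    else:
        findings.append(f"unknown protocol {p.protocol!r}")

    # Integrity algorithm: anything but SHA256 is a legacy choice.
    if p.authentication not in HASH_BITS:
        findings.append(f"unknown authentication algorithm {p.authentication!r}")
    elif p.authentication != "SHA256":
        findings.append(f"{p.authentication}: legacy hash; prefer SHA256")

    # Perfect forward secrecy: a fresh DH exchange per SA.
    if p.pfs_group is None:
        findings.append("PFS disabled: compromise of the phase-1 keys exposes "
                        "the keys of every SA derived from them")
    elif p.pfs_group in WEAK_PFS_GROUPS:
        findings.append(f"{p.pfs_group}: DH group is too small; use 2048-bit or larger")

    # SA lifetime: must be inside the device's range; extremes cost security or uptime.
    if not SA_LIFETIME_MIN <= p.sa_lifetime_min <= SA_LIFETIME_MAX:
        findings.append(f"SA lifetime {p.sa_lifetime_min} min outside "
                        f"{SA_LIFETIME_MIN}..{SA_LIFETIME_MAX}")
    elif p.sa_lifetime_min > 24 * 60:        # assumption: one day is a sane upper bound
        findings.append("SA lifetime over 24 h: keys are reused for too long")
    elif p.sa_lifetime_min < 15:             # assumption: below this rekeying hurts uptime
        findings.append("SA lifetime under 15 min: each rekey briefly interrupts the tunnel")

    # Keep alive: without DPD a dead peer is only noticed by the idle timer.
    if p.keep_alive == "None":
        findings.append("Keep Alive is None: a lost peer is only detected by the "
                        "no-traffic disconnect timer")
    elif p.keep_alive == "DPD":
        if p.dpd_interval_s <= 0:
            findings.append("DPD enabled but no detection interval set")
    else:
        findings.append(f"unknown keep-alive mode {p.keep_alive!r}")
    return findings


# Constructed sample policies: a weak one and its hardened counterpart.
WEAK_POLICY = IpsecPolicy("ESP", "DES", "MD5", None, 15000, "None")
HARDENED_POLICY = IpsecPolicy("ESP", "AES256", "SHA256", "MODP2048",
                              SA_LIFETIME_DEFAULT, "DPD", dpd_interval_s=30)

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name}: {check_ipsec_policy(pol) or ['ok']}")
```

Run it to see the five findings on the weak profile (DES, MD5, no PFS, a lifetime of 15,000 minutes, no DPD) and none on the hardened one; the same function can be pointed at an exported configuration before the tunnel is saved.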
Click SAVE to submit the settings.