Configuring VPN IPSec VPN Configuration
Configuration Guide
PFS Select the DH group to enable PFS (Perfect Forward Security) for IKE mode. With PFS
enabled, the key generated in phase 2 is independent of the key in phase 1, which enhances
network security.
If you select None, PFS is disabled and the key in phase 2 is generated
based on the key in phase 1.
SA Lifetime Specify the IPSec SA (Security Association) lifetime in IKE negotiation. When the SA
lifetime expires, the related IPSec SA is deleted.
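The effect of the PFS setting on phase 2 keys can be seen in the following added example, which is not part of the original guide or the device firmware. It assumes the IKEv1 Quick Mode derivation from RFC 2409 section 5.5, uses HMAC-SHA256 as a stand-in for the negotiated prf, and uses a constructed toy DH group rather than a real IKE group; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH group for illustration only; NOT a real IKE DH group.
P = 2**127 - 1  # Mersenne prime
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 standing in for the prf negotiated in phase 1 (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_keypair():
    """Fresh ephemeral DH key pair, as generated per Quick Mode when PFS is on."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def keymat(skeyid_d, protocol, spi, ni, nr, g_qm_xy=b""):
    """RFC 2409 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, g_qm_xy + protocol + spi + ni + nr)

def phase2_key_recoverable(pfs: bool) -> bool:
    """True if the phase 2 key follows from the phase 1 key plus exchanged values."""
    skeyid_d = secrets.token_bytes(32)               # phase 1 derived key (constructed)
    protocol, spi = b"\x03", secrets.token_bytes(4)  # 3 = ESP in the IPsec DOI
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)

    g_xy = b""
    if pfs:
        # PFS selected: both peers run an extra ephemeral DH exchange in phase 2.
        a_priv, a_pub = dh_keypair()
        b_priv, b_pub = dh_keypair()
        g_xy = dh_shared(a_priv, b_pub)
        assert g_xy == dh_shared(b_priv, a_pub)      # both peers agree on the secret

    real = keymat(skeyid_d, protocol, spi, ni, nr, g_xy)
    # What the phase 1 key plus the exchanged nonces and SPI yield on their own,
    # without the ephemeral DH private values (which are discarded after use).
    from_phase1_only = keymat(skeyid_d, protocol, spi, ni, nr)
    return hmac.compare_digest(real, from_phase1_only)

if __name__ == "__main__":
    print("PFS = None     -> phase 2 key follows from phase 1:", phase2_key_recoverable(False))
    print("PFS = DH group -> phase 2 key follows from phase 1:", phase2_key_recoverable(True))
```

With PFS set to None, exposure of the phase 1 key exposes every phase 2 key derived under it; selecting a DH group limits the exposure to the SA whose ephemeral secret was compromised.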
2.2 Verifying the Connectivity of the IPSec VPN tunnel
Choose the menu VPN > IPSec > IPSec SA to load the following page.
Figure 2-4 IPSec SA List
The IPSec SA List shows the information of the established IPSec VPN tunnel.
Name Displays the name of the IPSec policy associated with the SA.
SPI Displays the SPI (Security Parameter Index) of the SA, including outgoing SPI and
incoming SPI. The SPI of each SA is unique.
Direction Displays the direction (in: incoming/out: outgoing) of the SA.
Tunnel ID Displays the IP addresses of the local and remote peers.
Data Flow Displays the Local Subnet and Remote Subnet/host covered by the SA.
Protocol Displays the authentication protocol and encryption protocol used by the SA.
AH Authentication Displays the AH authentication algorithm used by the SA.
ESP Authentication Displays the ESP authentication algorithm used by the SA.
ESP Encryption Displays the ESP encryption algorithm used by the SA.