DIR-853
AC1300 MU-MIMO Wi-Fi Gigabit Router
with 3G/LTE Support and USB Port 3.0
User Manual
Configuring via Web-based Interface
Figure 153. The page for adding an IPsec tunnel.
The First Phase / The Second Phase
sections.
Parameter
Description
The First Phase
First phase
encryption algorithm
Select encryption algorithm from the drop-down list.
Hashing algorithm
Select hashing algorithm from the drop-down list.
First phase DHgroup
type
A Diffie-Hellman key group for Phase 1. Select a value from the drop-
down list.
IKE-SA lifetime
The lifetime of IKE-SA keys in seconds. After the specified period it is
required to renegotiate the keys. The value specified in this field
should exceed the value specified in the
IPsec-SA lifetime
field.
Specify
0
if you don't want to limit the lifetime of the keys.
The Second Phase
Second phase
encryption algorithm
Select encryption algorithm from the drop-down list.
Authentication
algorithm
Select authentication algorithm from the drop-down list.
Enable PFS
Move the switch to the right to enable the PFS option (
Perfect
Forward Secrecy
). If the switch is moved to the right, a new
encryption key exchange will be used for Phase 2. This option
increases the security level of data transfer.
Second phase
PFSgroup type
A Diffie-Hellman key group for Phase 2. Select a value from the drop-
down list. The field is available if the
Enable PFS
switch is moved
to the right.
Page
187
of 228