(Wireless) ADSL VPN Firewall Router with 3DES Accelerator
Chapter 4: Configuration
76
Advanced Option
Click
Advanced Option
to change the following settings:
IKE Mode:
Select IKE mode to Main mode or Aggressive mode.
Local ID:
Type:
Specify local ID type.
Content:
Input ID’s information, like domain name
www.ipsectest.com
.
Remote ID:
Type:
Specify Remote ID type.
Identifier:
Input remote ID’s information, like domain name
www.ipsectest.com
.
SA Lifetime:
Specify the number of minutes that a Security Association (SA) will stay active
before new encryption and authentication key will be exchanged. There are two kinds of
SAs, IKE and IPSec. IKE negotiates and establishes SA on behalf of IPSec, an IKE SA is
used by IKE.
Phase 1 (IKE):
To issue an initial connection request for a new VPN tunnel. The range can
be from 5 to 15,000 minutes, and the default is 240 minutes.
Phase 2 (IPSec):
To negotiate and establish secure authentication. The range can be from
5 to 15,000 minutes, and the default is 60 minutes.
A short SA time increases security by forcing the two parties to update the keys. However,
every time the VPN tunnel re-negotiates, access through the tunnel will be temporarily
disconnected.
Select the
Apply
button to update the settings.