Settings – IKE Global Setup
Global List (Phase 1)
The list will only show the approximate information of all Global Settings
on each WAN port. You can modify it by clicking on a selected row.
Global Parameters
Enable Setting – When set to Enable, the VPN function is turned on.
ISAkmp Port – The Internet Security Association and Key Management Protocol (ISAKMP) is designed to negotiate, establish, modify and delete security associations and their attributes. By default, it is assigned UDP port 500 by the IANA. You can set it to use a port other than port 500. The remote IPsec site will attempt to connect on this port.
Phase 1 DH Group – Three Diffie-Hellman (DH) group levels are available. DH is a key generation method based on public key cryptography: it uses the public and secret key information held by both users to generate a key.
Phase 1 Encryption Method – There are three data encryption methods available: DES, 3DES and AES.
Phase 1 Authentication Method – There are two authentication methods available: MD5 and SHA1 (Secure Hash Algorithm).
Phase 1 SA Life Time – By default the Security Association lifetime is 28800 seconds. When it expires, a new key is re-negotiated. During the negotiation period, the VPN tunnel isn't available.
Retry Counter – This indicates how many times the Phase 1 process will be restarted if it is unsuccessful. Once the counter is exhausted, an error message is written to the VPN log.
Retry Interval – This indicates the time period between two consecutive retries.
Maxtime to complete Phase 1 – This indicates the maximum time allowed for negotiation in Phase 1. If it expires, it is recommended to increase the Maxtime period or reduce the DH group level. Default value is 30 sec.
Maxtime to complete Phase 2 – This indicates the maximum time allowed for negotiation in Phase 2. If it expires, it is recommended to increase the Maxtime period or reduce the DH group level. Default value is 30 sec.
Count Per Send – This indicates the maximum number of duplicate packets to be resent if the remote side does not respond to the first packet.
Force Deletion after Expiry – When set to Enable, once the SA has expired, the tunnel session will be removed and all related resources will be cleared.
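How the Phase 1 encryption, authentication, DH group and SA lifetime settings above appear inside an IKEv1 proposal, as an added example that is not taken from this manual or the device firmware: it decodes ISAKMP data attributes (numbering from RFC 2409 Appendix A) and flags choices generally considered weak. The sample byte strings are constructed, and the WEAK set is this example's assumption, not a statement by the manual.

```python
import struct

# IKEv1 Phase 1 attribute values (RFC 2409 Appendix A, RFC 3602, RFC 3526)
ENC = {1: "DES", 5: "3DES", 7: "AES"}
HASH = {1: "MD5", 2: "SHA1"}
GROUP = {1: "MODP-768", 2: "MODP-1024", 5: "MODP-1536"}
WEAK = {"DES", "MD5", "MODP-768", "MODP-1024"}  # assumption of this example


def parse_attributes(data):
    """Decode ISAKMP data attributes: TV (AF bit set, 2-byte value) or TLV."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        typ, val = struct.unpack_from("!HH", data, off)
        off += 4
        if typ & 0x8000:                  # TV form: val is the value itself
            attrs[typ & 0x7FFF] = val
        else:                             # TLV form: val is the length in bytes
            if off + val > len(data):
                raise ValueError("attribute length exceeds buffer")
            attrs[typ] = int.from_bytes(data[off:off + val], "big")
            off += val
    return attrs


def describe(attrs):
    """Map attribute classes to the setting names used on this page."""
    out = {
        "encryption": ENC.get(attrs.get(1), "unknown"),
        "authentication": HASH.get(attrs.get(2), "unknown"),
        "dh_group": GROUP.get(attrs.get(4), "unknown"),
        # class 11 = life type (1 means seconds), class 12 = life duration
        "lifetime_s": attrs.get(12) if attrs.get(11) == 1 else None,
    }
    out["weak"] = sorted(v for v in out.values() if v in WEAK)
    return out


# Constructed sample: DES / MD5 / group 1 / 28800 s (duration as a 4-byte TLV)
SAMPLE_WEAK = bytes.fromhex("80010001" "80020001" "80040001" "800b0001"
                            "000c0004" "00007080")
# Constructed sample: AES-128 / SHA1 / group 5 / 28800 s
SAMPLE_OK = bytes.fromhex("80010007" "800e0080" "80020002" "80040005"
                          "800b0001" "000c0004" "00007080")

if __name__ == "__main__":
    for name, blob in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, describe(parse_attributes(blob)))
```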
Log Level
This function allows you to select which information you want to see on
the VPN log. It has six different message levels: None, Critical, Error,
Warning, Information and Debug.