Adding and Editing VPN Sites
382
Nokia IP60 Security Appliance User Guide
In this field…
Do this…
Renegotiate every
Type the interval in minutes between IKE Phase-1 key negotiations. This
is the
IKE Phase-1 SA lifetime
.
A shorter interval ensures higher security, but impacts heavily on
performance. Therefore, it is recommended to keep the SA lifetime
around its default value.
The default value is 1440 minutes (one day).
Phase 2
Security Methods
Select the encryption and integrity algorithm to use for VPN traffic:
Automatic.
The IP60 appliance automatically selects the best
security methods supported by the site. This is the default.
A specific algorithm
Perfect Forward
Secrecy
Specify whether to enable Perfect Forward Secrecy (PFS), by selecting
one of the following:
Enabled.
PFS is enabled. The
Diffie-Hellman group
field is
enabled.
Disabled.
PFS is disabled. This is the default.
Enabling PFS will generate a new Diffie-Hellman key during IKE Phase 2
and renew the key for each key exchange.
PFS increases security but lowers performance. It is recommended to
enable PFS only in situations where extreme security is required.
Diffie-Hellman
group
Select the Diffie-Hellman group to use:
Automatic.
The IP60 appliance automatically selects a group.
This is the default.
A specific group
A group with more bits ensures a stronger key but lowers performance.
Renegotiate every
Type the interval in seconds between IPSec SA key negotiations. This is
the
IKE Phase-2 SA lifetime
.
A shorter interval ensures higher security.
The default value is 3600 seconds (one hour).
Summary of Contents for IP60 - Security Appliance
Page 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...
Page 4: ...4 Nokia IP60 Security Appliance User Guide ...
Page 10: ......
Page 12: ......
Page 38: ......
Page 58: ......
Page 108: ......
Page 268: ......
Page 482: ......