Web User Interface
data communications. Choices are:
- Null – No data encryption in IPSec SA. Not suggested.
- DES - a 56-bit key with the DES encryption algorithm
- 3DES - a 168-bit key with the DES encryption algorithm. The wireless router and the remote IPSec router must use the same algorithms and key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. Longer keys require more processing power, resulting in increased latency and decreased throughput.
- AES - Advanced Encryption Standard is a newer method of data encryption that also uses a secret key. This implementation of AES applies a 128-bit key to 128-bit blocks of data. AES is faster than 3DES. Here you can choose AES-128, AES-192, or AES-256.
Phase 2 authentication
Select which hash algorithm to use to authenticate packet data in the IKE SA. Choices are Null, SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower.
Phase 2 SA lifetime
Define the length of time before an IPSec SA automatically
renegotiates in this field. It may range from 120 to 86400
seconds.
Show Advanced Settings
Some advanced IPSec VPN configuration is hidden by default; usually you can leave it unchanged.
Key management
Key management allows you to determine whether to use
IKE (ISAKMP) or manual key configuration in order to set
up a VPN.
IKE negotiation mode
Determines how the Security Association (SA) will be
established for each connection through IKE negotiations.
- Main Mode, which ensures the highest level of security when the communicating parties are negotiating authentication (phase 1).
- Aggressive Mode, which is quicker than Main Mode because it eliminates several steps when the communicating parties are negotiating authentication (phase 1).
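The following Python check is an added example, not part of this manual or the router's firmware. It audits a set of VPN settings against the encryption, authentication, SA lifetime and negotiation mode choices described above. The dict keys (`encryption`, `authentication`, `lifetime`, `mode`) and the severity labels are assumptions made for this example.

```python
# Added example: audit VPN settings against the choices listed on this page.
# The dict keys and severity labels are assumptions of this example, not
# fields or ratings taken from the router.
ENCRYPTION = {  # choice -> (severity, reason)
    "Null": ("high", "no data encryption in the IPSec SA"),
    "DES": ("high", "56-bit key"),
    "3DES": ("medium", "DES-based and slower than AES"),
    "AES-128": ("ok", ""), "AES-192": ("ok", ""), "AES-256": ("ok", ""),
}
AUTHENTICATION = {
    "Null": ("high", "packet data is not authenticated"),
    "MD5": ("medium", "generally considered weaker than SHA1"),
    "SHA1": ("ok", ""),
}
MODE = {
    "Main": ("ok", ""),
    "Aggressive": ("medium", "eliminates several phase 1 negotiation steps"),
}
LIFETIME_RANGE = (120, 86400)  # seconds, the range this page states

def audit(cfg):
    """Return a sorted list of (severity, setting, message) findings."""
    findings = []
    for key, table in (("encryption", ENCRYPTION),
                       ("authentication", AUTHENTICATION),
                       ("mode", MODE)):
        value = cfg.get(key)
        if value not in table:
            findings.append(("invalid", key, f"{value!r} is not an offered choice"))
            continue
        severity, reason = table[value]
        if severity != "ok":
            findings.append((severity, key, f"{value}: {reason}"))
    lifetime = cfg.get("lifetime")
    lo, hi = LIFETIME_RANGE
    if not isinstance(lifetime, int) or not lo <= lifetime <= hi:
        findings.append(("invalid", "lifetime", f"{lifetime!r} outside {lo}-{hi} s"))
    return sorted(findings)

# Constructed sample settings: a weak proposal and a corrected one.
WEAK = {"encryption": "DES", "authentication": "MD5", "lifetime": 60, "mode": "Aggressive"}
FIXED = {"encryption": "AES-256", "authentication": "SHA1", "lifetime": 3600, "mode": "Main"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(cfg) or "no findings")
```

Because both ends of the tunnel must use the same algorithms, run the check against the settings of both the wireless router and the remote IPSec router.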
Perfect forward secrecy
Perfect Forward Secrecy (PFS) is disabled (NONE) by
default in phase 2 IPSec SA setup. This allows faster IPSec
DDW2600/DDC2700