128 CHAPTER 9: CONFIGURING VIRTUAL PRIVATE NETWORK SERVICES

Leave the Disable all Windows Networking (NetBIOS) Broadcasts box unchecked for the Enable Windows Networking (NetBIOS) broadcast setting to have effect. See “Disable all Windows Networking (NetBIOS) Broadcasts” on page 124 for details.

Enable Perfect Forward Secrecy

Check the Enable Perfect Forward Secrecy check box to change encryption keys during the second stage of VPN negotiation. This feature blocks intruders from decrypting keys by brute force but extends VPN negotiation time.

This setting is not available if the IPSec Keying Mode is set to Manual Key.

SA Life time (secs)

The SA Life time (secs) field allows you to specify the number of seconds you want a Security Association to last before new encryption and authentication keys must be exchanged.

As the connection is temporarily disabled when the keys are renegotiated, a low value (short time) will increase security but may cause inconvenience. The default value for the SA Life time (secs) field is 28800 seconds (8 hours).

Enter the number 28800 or your desired value.

This setting is not available if the IPSec Keying Mode is set to Manual Key.

Incoming SPI and Outgoing SPI

The Incoming Security Parameter Index (SPI) and Outgoing SPI are two eight-digit hexadecimal numbers that identify the Security Association used for the VPN Tunnel. The Incoming SPI and Outgoing SPI for a SA can be the same but must differ from all other SPIs used on your network. Additionally, the values from 00000000 to 000000FF have been reserved by the Internet Engineering Task Force (IETF) and are not allowed for use as an SPI.

Enter your chosen Incoming SPI and Outgoing SPI in the relevant fields.

If you enter fewer than eight hexadecimal digits, the SPI will be padded with leading zeros. For example, SPIs of “F00” and “00000F00” will be treated as equivalent.
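
The SPI rules above can be checked across a set of manually keyed tunnels before the values are entered. The following Python sketch is an added example, not code from the 3Com manual or firmware; the function names, SA names and sample values are constructed, and treating lower-case hex digits as equivalent to upper-case is an assumption.

```python
import re

RESERVED_MAX = 0xFF  # 00000000-000000FF are reserved, per the text above
_HEX = re.compile(r"[0-9A-Fa-f]{1,8}")


def normalize_spi(text):
    """Return the SPI as eight hex digits, padded with leading zeros."""
    text = text.strip()
    if not _HEX.fullmatch(text):
        raise ValueError(f"SPI {text!r} is not 1-8 hexadecimal digits")
    return text.upper().zfill(8)  # assumption: case is not significant


def check_spi(text):
    """Normalize one SPI and reject values in the reserved range."""
    spi = normalize_spi(text)
    if int(spi, 16) <= RESERVED_MAX:
        raise ValueError(f"SPI {spi} is in the reserved range 00000000-000000FF")
    return spi


def audit_spis(sas):
    """sas maps SA name -> (incoming, outgoing). Returns a list of problems."""
    problems = []
    seen = {}  # normalized SPI -> name of the SA that first used it
    for name, (incoming, outgoing) in sas.items():
        own = set()  # incoming and outgoing of one SA may be the same value
        for label, raw in (("incoming", incoming), ("outgoing", outgoing)):
            try:
                own.add(check_spi(raw))
            except ValueError as exc:
                problems.append(f"{name} {label}: {exc}")
        for spi in sorted(own):
            if spi in seen:
                problems.append(f"{name}: SPI {spi} already used by {seen[spi]}")
            else:
                seen[spi] = name
    return problems


# Constructed sample: SA names and SPI values are made up for illustration.
SAMPLE = {
    "branch-a": ("F00", "00000F00"),   # same SPI both ways, allowed in one SA
    "branch-b": ("f00", "1A2B3C4D"),   # F00 collides with branch-a once padded
    "branch-c": ("FF", "12345678Z"),   # reserved value, and a non-hex entry
}

if __name__ == "__main__":
    for problem in audit_spis(SAMPLE):
        print(problem)
```
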
DUA1611-0AAA02.book Page 128 Thursday, August 2, 2001 4:01 PM