Perfect Forward Secrecy:
Choose whether to enable PFS using Diffie-Hellman public-key
cryptography to change encryption keys during the second phase of VPN negotiation. This
function will provide better security, but extends the VPN negotiation time. Diffie-Hellman is
a public-key cryptography protocol that allows two parties to establish a shared secret over
an unsecured communication channel (i.e. over the Internet). There are two modes, MODP
768-bit, and MODP 1024-bit. MODP stands for Modular Exponentiation Groups.
Pre-shared Key:
This is for the Internet Key Exchange (IKE) protocol. Both sides should
use the same key. IKE is used to establish a shared security policy and authenticated keys
for services (such as IPSec) that require a key. Before any IPSec traffic can be passed,
each router must be able to verify the identity of its peer. This can be done by manually
entering the pre-shared key into both sides (router or hosts).
IKE Life Time:
Allows you to specify the timer interval for renegotiation of the IKE security
association. The value is in seconds, eg. 28800 seconds = 8 hours.
Key Life:
Allows you to specify the timer interval for renegotiation of another key. The value
is in seconds eg. 3600 seconds = 1 hour.
Select the
to submit the setting then click the
to save the settings into
flash.
After changing the router’s configuration settings, you must save all of the
configuration parameters to FLASH to avoid them being lost after turning
off or resetting your router.