Operating Instructions
90
Phase 1 Setup
Phase 2 Setup
Notes
•
When the conversion mode is set to Aggressive, both IPsec devices must have the same DH group
set.
•
When connecting an IPsec camera to the WAN side, the conversion mode must be set to Main.
Conversion Mode
Set the IKE phase 1 conversion mode to Main or Aggressive. The
key conversion procedure for Aggressive is simpler but security is
slightly reduced.
Life Time
Set the IKE SA lifetime. The time must be set between 5 minutes and
2400 hours.
Proposal Entry
Set whether to Enable or Disable this proposal. Proposals that are
disabled will not be proposed.
Proposal Encryption
Set the method of encryption used in phase 1. Select an encryption
method from DES, 3DES, AES (128 bit), AES (192 bit), and AES
(256 bit).
Proposal Hash
Set the authentication algorithm (hash). Select from MD5 and SHA-
1.
Proposal DH Group
Set the DH (Diffie-Hellman) group used in phase 1. Select between 1
and 2. DH group 2 is has increased security compared to DH group
1, but group 1 is not weak.
Life Time
Set the IPsec SA lifetime. The time must be set between 5 minutes
and 2400 hours.
PFS
Set whether to turn on PFS (Perfect Forward Security) in phase 2.
Select from Enable DH Group 2, Enable DH Group 1, and Disable.
When Enable Group 2 is selected, the Diffie-Hellman exchange is re-
performed in phase 2, and DH Group 2 creates a secret shared key.
When Enable Group 1 is selected, the Diffie-Hellman exchange is re-
performed in phase 2, and DH Group 1 creates a secret shared key.
When Disabled is selected, the secret shared key created in phase 1
is used in phase 2. Security is increased when PFS is enabled rather
than disabled.
Proposal Entry
Set whether to Enable or Disable this proposal. Proposals that have
Disable set will not be proposed.
Proposal Encryption
Set the method of encryption. Select from an encryption method
from DES, 3DES, AES (128 bit), AES (192 bit), AES (256 bit) and
NULL.
Proposal Hash
Set the authentication algorithm (hash). Select from MD5, SHA-1,
and None (authentication algorithm not used).
Содержание BB-HGW700A - Network Camera Router
Страница 138: ...Operating Instructions 138 ...
Страница 139: ...Operating Instructions 139 Index ...
Страница 141: ...Operating Instructions 141 ...