Gigabit Multi-Homing VPN Security Router User’s Manual
Use IKE Protocol
Click the shared key generated by IKE to encrypt and authenticate the remote user. If PFS (Perfect Forward
Secrecy) is enabled, the Phase 2 shared key generated during the IKE coordination will conduct further
encryption and authentication. When PFS is enabled, hackers using brute force to capture the key will not be
able to get the Phase 2 key in such a short period of time.
Item
Description
Perfect Forward
Secrecy:
When users check the PFS option don't forget to activate the PFS function of the VPN
device and the VPN Client as well.
Phase 1/ Phase 2
DH Group
This option allows users to select Diffie-Hellman groups: Group 1/ Group 2/ Group 5.
Phase 1/ Phase 2
Encryption
This option allows users to set this VPN tunnel to use any encryption mode. Note that
this parameter must be identical to that of the remote encryption parameter: DES (64-bit
encryption mode), 3DES (128-bit encryption mode), AES (the standard of using security
code to encrypt information). It supports 128-bit, 192-bit, and 256-bit encryption keys.
Phase 1/Phase 2
Authentication
This authentication option allows users to set this VPN tunnel to use any authentication
mode. Note that this parameter must be identical to that of the remote authentication
mode: “MD5” or “SHA1”.
Phase 1 SA Life
Time
The life time for this exchange code is set to 28800 seconds (or 8hours) by default. This
allows the automatic generation of other exchange password within the valid time of the
VPN connection so as to guarantee security.
Phase2 SA Life
Time
The life time for this exchange code is set to 3600 seconds (or 1hours) by default. This
allows the automatic generation of other exchange password within the valid time of the
- 96 -