![background image](http://html.mh-extra.com/html/tp-link/safestream-tl-r600vpn/safestream-tl-r600vpn_configuration-manual_1144817139.webp)
Configuring VPN
IPSec VPN Configuration
Configuration Guide
131
PFS
Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then the
key generated in phase 2 will be irrelevant with the key in phase 1, which enhance the
network security.
If you select None, it means PFS is disabled and the key in phase 2 will be generated
based on the key in phase 1.
SA Lifetime
Specify IPSec SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime
expired, the related IPSec SA will be deleted.
2.2 Verifying the Connectivity of the IPSec VPN tunnel
Choose the menu
VPN > IPSec > IPSec SA
to load the following page.
Figure 2-4 IPSec SA List
The
IPSec SA List
shows the information of the established IPSec VPN tunnel.
Name
Displays the name of the IPSec policy associated with the SA.
SPI
Displays the SPI (Security Parameter Index) of the SA, including outgoing SPI and
incoming SPI. The SPI of each SA is unique.
Direction
Displays the direction (in: incoming/out: outgoing) of the SA.
Tunnel ID
Displays the IP addresses of the local and remote peers.
Data Flow
Displays the Local Subnet and Remote Subnet/host covered by the SA.
Protocol
Displays the authentication protocol and encryption protocol used by the SA.
AH
Authentication
Displays the AH authentication algorithm used by the SA.
ESP
Authentication
Displays the ESP authentication algorithm used by the SA.
ESP Encryption
Displays the ESP encryption algorithm used by the SA.