CRADLEPOINT IBR600 USER MANUAL Firmware ver. 3.3.0
7.7.4Page 4: IKE Phase 2
Perfect Forward Secrecy (PFS): Enabling this feature will require IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1.
Additionally, the new keys generated in Phase 2 (with this option enabled) are exchanged in an encrypted session. Enabling this feature affords the policy greater security.
Key Lifetime: The lifetime of the generated keys of Phase 2 of the IPsec negotiation from IKE. After the time has expired, IKE will renegotiate a new set of Phase 2 keys.
Phase 2 has the same selection of Encryption, Hash, and DH Groups as Phase 1, but you are restricted to only one DH Group. Phase 2 and Phase 1 selections do not have to match.
© 2011 CRADLEPOINT, INC. | PLEASE VISIT HTTP://KNOWLEDGEBASE.CRADLEPOINT.COM/ FOR MORE HELP AND RESOURCES | PAGE 105 |
