
The
About perfect forward secrecy (PFS)
Perfect forward secrecy (PFS) improves the security of a VPN tunnel by making sure that each key created during phase 2 is not related to the keys created during phase 1 or to other keys created during phase 2. PFS might reduce performance because it forces a new
If you do not enable PFS, the VPN tunnel creates all phase 2 keys from a key created during phase 1. This method of creating keys is less
Adding a manual key VPN tunnel
Configure a manual key tunnel to create an IPSec VPN tunnel between the
To create a manual key VPN tunnel:
• Go to VPN > IPSEC > Manual Key.
• Select New to add a new manual key VPN tunnel.
• Configure the VPN tunnel.
VPN Tunnel Name: Enter a name for the tunnel. The name can contain numbers
Local SPI: Security Parameter Index. Enter a hexadecimal number of up to eight digits (numbers
Remote SPI: Enter a hexadecimal number of up to eight digits. The hexadecimal number must be added to the Local SPI at the opposite end of the tunnel. The Remote SPI value must be greater than bb8.
Remote Gateway: Enter the external IP address of the
Replay Detection: Select Replay Detection to prevent IPSec replay attacks. See About replay detection.
Encryption Algorithm: Select an algorithm from the list. Make sure that you use the same algorithm at both ends of the tunnel.
Encryption Key: Required for encryption algorithms that include
    For all DES encryption algorithms, enter one hexadecimal number of up to 16 digits. Use the same encryption key at both ends of the tunnel.
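The field rules above can be checked for both ends of a tunnel before the values are entered. The following Python sketch is an added example, not part of the product or its documentation; the dictionary field names, the "DES" algorithm label and all sample values are constructed assumptions.

```python
import re

HEX = re.compile(r"[0-9a-fA-F]+")
MIN_REMOTE_SPI = 0xBB8  # page: Remote SPI must be greater than bb8

def is_hex(value, max_digits):
    return bool(HEX.fullmatch(value)) and len(value) <= max_digits

def check_end(name, end):
    """Problems in one end's manual key settings (field names are assumed)."""
    problems = []
    for field in ("local_spi", "remote_spi"):
        if not is_hex(end[field], 8):
            problems.append(f"{name}: {field} is not hexadecimal of up to eight digits")
    if is_hex(end["remote_spi"], 8) and int(end["remote_spi"], 16) <= MIN_REMOTE_SPI:
        problems.append(f"{name}: remote_spi is not greater than bb8")
    # Assumption: a single-DES algorithm label starts with "DES".
    if end["algorithm"].upper().startswith("DES") and not is_hex(end["key"], 16):
        problems.append(f"{name}: DES key is not one hexadecimal number of up to 16 digits")
    return problems

def norm(spi):
    # Compare SPIs without regard to case or leading zeros.
    return spi.lower().lstrip("0")

def check_pair(a, b):
    """Check both ends, then the settings that must agree across the tunnel."""
    problems = check_end("A", a) + check_end("B", b)
    if norm(a["remote_spi"]) != norm(b["local_spi"]):
        problems.append("A remote_spi does not match B local_spi")
    if norm(b["remote_spi"]) != norm(a["local_spi"]):
        problems.append("B remote_spi does not match A local_spi")
    if a["algorithm"] != b["algorithm"]:
        problems.append("encryption algorithm differs between ends")
    if a["key"].lower() != b["key"].lower():
        problems.append("encryption key differs between ends")
    return problems

# Constructed sample values, not taken from any real device.
END_A = {"local_spi": "1000", "remote_spi": "2000", "algorithm": "DES", "key": "0123456789abcdef"}
END_B = {"local_spi": "2000", "remote_spi": "1000", "algorithm": "DES", "key": "0123456789ABCDEF"}
END_B_BAD = dict(END_B, remote_spi="bb8", key="0123456789abcdef00")

if __name__ == "__main__":
    for label, b in (("good", END_B), ("bad", END_B_BAD)):
        print(label, check_pair(END_A, b) or "ok")
```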