-90-
Phase2. As it is independent of the key created in Phase1, this
key can be secure even when the key in Phase1 is
de-encrypted. Without PFS, the key in Phase2 is created based
on the key in Phase1 and thus once the key in Phase1 is
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
this case, the communication secrecy is threatened.
SA Lifetime: Specify IPsec SA Lifetime for IKE mode.
Status: Activate or inactivate the entry.
Manual Mode
IPsec Proposal: Select the IPsec Proposal. Only one proposal can be selected
on Manual mode. You need to first create the IPsec Proposal.
Incoming SPI: Specify the Incoming SPI (Security Parameter Index) manually.
The Incoming SPI here must match the Outgoing SPI value at
the other end of the tunnel, and vice versa.
AH Authentication Key-In: Specify the inbound AH Authentication Key manually if AH
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound AH authentication
key at the other end of the tunnel, and vice versa.
ESP Authentication Key-In: Specify the inbound ESP Authentication Key manually if ESP
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound ESP authentication
key at the other end of the tunnel, and vice versa.
ESP Encryption: Key-In: Specify the inbound ESP Encryption Key manually if ESP
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound ESP encryption key
at the other end of the tunnel, and vice versa.
Outgoing SPI: Specify the Outgoing SPI (Security Parameter Index) manually.
The Outgoing SPI here must match the Incoming SPI value at
the other end of the tunnel, and vice versa.