Chapter 8 Security

Table 60 IPSec VPN: Add (continued)

LABEL

DESCRIPTION

Perfect

Select whether or not you want to enable Perfect Forward Secrecy (PFS).

Forward

 

Secrecy (PFS)

PFS changes the root key that is used to generate encryption keys for each IPSec

 

SA. The longer the key, the more secure the encryption, but also the longer it

 

takes to encrypt and decrypt information. Both routers must use the same DH

 

key group.

 

 

Save

Click Apply to save your changes back to the WiMAX Device.

 

 

Cancel

Click Cancel to restore your previous settings.

 

 

8.12 Technical Reference

This section provides some technical background information about the topics covered in this section.

8.12.1 IPSec Architecture

The overall IPSec architecture is shown as follows.

Figure 80 IPSec Architecture

IPSec Algorithms

The ESP (Encapsulating Security Payload) Protocol (RFC 2406) and AH (Authentication Header) protocol (RFC 2402) describe the packet formats and the default standards for packet structure (including implementation algorithms).

The Encryption Algorithm describes the use of encryption techniques such as DES (Data Encryption Standard) and Triple DES algorithms.

144

 

WiMAX Device Configuration User’s Guide