Chapter 12 IPSec VPN
Table 75 Security > IPSec VPN > IPSec Setting > Manual (continued)
LABEL | DESCRIPTION |
Integrity | Select SHA1 or MD5 from the |
Algorithm | Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used |
| to authenticate packet data. The SHA1 algorithm is generally |
| considered stronger than MD5, but is slower. Select MD5 for minimal |
| security and |
|
|
Select Diffie- | You must choose a key group for key exchange in SA setup. 768bit |
Hellman Group | refers to |
for Key | refers to |
Exchange | Other options include 1536, 2048, and 3072 bit |
|
|
Key Life Time | Define the length of time before an IKE or IPSec SA automatically |
(Seconds) | renegotiates in this field. It may range from 60 to 3,000,000 seconds |
| (almost 35 days). |
| A short SA Life Time increases security by forcing the two VPN |
| gateways to update the encryption and authentication keys. However, |
| every time the VPN tunnel renegotiates, all users accessing remote |
| resources are temporarily disconnected. |
|
|
Apply/Save | Click Apply/Save to save your changes back to the |
| and return to the IPSec screen. |
|
|
12.4 Viewing VPN Status
Click Security > IPSec VPN > Status to open the screen as shown. Use this screen to display and manage active VPN connections.
A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is
Figure 133 Security > IPSec VPN > Status
266 |
| |
| ||
|
|
|