Chapter 12 IPSec VPN

Table 75 Security > IPSec VPN > IPSec Setting > Manual (continued)

LABEL

DESCRIPTION

Integrity

Select SHA1 or MD5 from the drop-down list box. MD5 (Message

Algorithm

Digest 5) and SHA1 (Secure Hash Algorithm) are hash algorithms used

 

to authenticate packet data. The SHA1 algorithm is generally

 

considered stronger than MD5, but is slower. Select MD5 for minimal

 

security and SHA-1for maximum security.

 

 

Select Diffie-

You must choose a key group for key exchange in SA setup. 768bit

Hellman Group

refers to Diffie-Hellman Group 1 a 768 bit random number. 1024bit

for Key

refers to Diffie-Hellman Group 2 a 1024 bit (1Kb) random number.

Exchange

Other options include 1536, 2048, and 3072 bit Diffie-Hellman groups.

 

 

Key Life Time

Define the length of time before an IKE or IPSec SA automatically

(Seconds)

renegotiates in this field. It may range from 60 to 3,000,000 seconds

 

(almost 35 days).

 

A short SA Life Time increases security by forcing the two VPN

 

gateways to update the encryption and authentication keys. However,

 

every time the VPN tunnel renegotiates, all users accessing remote

 

resources are temporarily disconnected.

 

 

Apply/Save

Click Apply/Save to save your changes back to the P-2812HNU-51c

 

and return to the IPSec screen.

 

 

12.4 Viewing VPN Status

Click Security > IPSec VPN > Status to open the screen as shown. Use this screen to display and manage active VPN connections.

A Security Association (SA) is the group of security settings related to a specific VPN tunnel. This screen displays active VPN connections. Use Refresh to display active VPN connections. This screen is read-only. The following table describes the fields in this tab.

Figure 133 Security > IPSec VPN > Status

266

 

P-2812HNU-51c User’s Guide