User's Guide
Table Of Contents
- Package Contents
- Chapter 1 About this Guide
- Chapter 2 Introduction
- Chapter 3 Configuration
- Chapter 4 Application
- Appendix A Hardware Specifications
- Appendix B FAQ
- Appendix C Glossary
-103-
PFS:
Select the PFS (Perfect Forward Security) for IKE mode to
enhance security. This setting should match the remote peer.
With PFS feature, IKE negotiates to create a new key in
Phase2. As it is independent of the key created in Phase1, this
key can be secure even when the key in Phase1 is
de-encrypted. Without PFS, the key in Phase2 is created based
on the key in Phase1 and thus once the key in Phase1 is
de-encrypted, the key in Phase2 is easy to be de-encrypted, in
this case, the communication secrecy is threatened.
SA Lifetime:
Specify IPsec SA Lifetime for IKE mode.
Status:
Activate or inactivate the entry.
z Manual Mode
IPsec Proposal:
Select the IPsec Proposal. Only one proposal can be selected
on Manual mode. You need to first create the IPsec Proposal.
Incoming SPI:
Specify the Incoming SPI (Security Parameter Index) manually.
The Incoming SPI here must match the Outgoing SPI value at
the other end of the tunnel, and vice versa.
AH Authentication Key-In:
Specify the inbound AH Authentication Key manually if AH
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound AH authentication
key at the other end of the tunnel, and vice versa.
ESP Authentication Key-In:
Specify the inbound ESP Authentication Key manually if ESP
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound ESP authentication
key at the other end of the tunnel, and vice versa.
ESP Encryption: Key-In:
Specify the inbound ESP Encryption Key manually if ESP
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound ESP encryption key
at the other end of the tunnel, and vice versa.