User's Manual

1

SA (Security Association)

IKE Internet Key Egchange is congured in tfo negotiations.

Phase 1 authenticates the VP= 2lients to each other Qy

conrming the matching PreShared Key fith the tfo gatefays.

IPSec is the Phase 2 of the VP= process.

Manually conguring a VPN tunnel prole.

IKE (Phase 1) Proposal

Egchange: 2lick the dropdofn menu to select the type of

egchange <ain <ode, Aggressive <ode.

DH Group: 2lick the dropdofn menu to select the 3H group

group 1, group 2, group 5, group 1#.

Encryption: 2lick the dropdofn menu to select the type of

encryption 3ES, 33ES, AES12', AES192, AES256.

Authentication: 2lick the dropdofn menu to select the

authentication protocol <35, SHA1.

LiUe Ti\e: Enter the life time value for Phase 1. The life time

value should Qe greater than Phase 2 IPSec. '6# sec. 1day

is a common default and is a normal value for Phase 1.

IPSec (Phase 2) Proposal

Protocol: 2lick the dropdofn menu to select the protocol type

ESP, AH

Encryption: 2lick the dropdofn menu to select the type of

encryption 3ES, 33ES, AES12', AES192, AES256.

Authentication: 2lick the dropdofn menu to select the

authentication protocol <35, SHA1.

PerUect Forward Secrecy (PFS): Select enaQle to enaQle PFS. A

fresh 3H key is generated during IKE phase II and renefed for

each key egchange to eliminate dependencies Qetfeen the

keys.

DH Group: 2lick the dropdofn menu to select the 3H group

group 1, group 2, group 5, group 1#.

LiUe Ti\e: Enter the life time value for Phase 2. The life time

value should Qe smaller than Phase 1 IKE. 36 sec. 1 hour

is a common value for Phase 2.

Apply: 2lick Apply to save the changes.

Cancel: 2lick Cancel

to delete the changes.