
Chapter 10 - Conguring VPN
Default lifetime
Default lifetime for the pre-congured IKE proposals and IPSec proposals
is 3600 seconds (One hour). It is recommended to set lifetime value
greater than 600 seconds, for a new IKE proposal or IPSec proposal. This
will reduce quick re-keying which will unnecessarily burden the system.
Limits for key length
The maximum key length for the pre-shared key, cipher key and
authentication key is 50 characters. If the cipher key is longer than the
length specified by the encryption algorithm, the key is truncated to the
appropriate length.
Priority of the connections
The allow-ike-io default rule has the highest priority (1). The allow-all
default rule has the lowest priority. It is recommended to maintain this
priority at all times. If you add connections below the allow-all rule
(lower priority), they will have no effect, because the corresponding
packets will match the allow-all rule and go without encryption.
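The priority rule above, together with the lifetime and key-length limits,
can be checked mechanically before a table is applied. The following Python
code is an added example, not taken from the product or its documentation:
the Rule fields, the first-match model by destination network, and the
sample table are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

MIN_LIFETIME_S = 600   # page: set lifetime greater than 600 seconds
MAX_KEY_CHARS = 50     # page: maximum length of pre-shared/cipher/auth keys

@dataclass
class Rule:                # hypothetical model, not the device's schema
    name: str
    priority: int          # 1 is evaluated first
    dst_net: str           # "0.0.0.0/0" is a catch-all such as allow-all
    encrypt: bool
    lifetime_s: int = 3600
    psk: str = ""

def first_match(rules, dst_ip):
    """Return the rule that handles dst_ip under first-match evaluation."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if addr in ipaddress.ip_network(rule.dst_net):
            return rule
    return None

def audit(rules):
    """Return (rule name, problem) pairs for the limits described above."""
    findings, catch_all = [], None
    for rule in sorted(rules, key=lambda r: r.priority):
        if catch_all is not None:
            findings.append((rule.name, "never matched: below " + catch_all.name))
        elif ipaddress.ip_network(rule.dst_net).prefixlen == 0:
            catch_all = rule
        if rule.encrypt and rule.lifetime_s <= MIN_LIFETIME_S:
            findings.append((rule.name, "lifetime not above 600 s"))
        if len(rule.psk) > MAX_KEY_CHARS:
            findings.append((rule.name, "key longer than 50 characters"))
    return findings

# Constructed sample: branch-vpn was added below allow-all by mistake.
# allow-ike-io (priority 1) is left out of this destination-only model.
SAMPLE = [
    Rule("hq-vpn", 2, "10.1.0.0/16", encrypt=True, lifetime_s=300, psk="x" * 20),
    Rule("allow-all", 3, "0.0.0.0/0", encrypt=False),
    Rule("branch-vpn", 4, "10.2.0.0/16", encrypt=True, psk="k" * 64),
]

if __name__ == "__main__":
    print("10.2.0.5 handled by:", first_match(SAMPLE, "10.2.0.5").name)
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

In the sample, traffic to 10.2.0.5 is handled by allow-all rather than
branch-vpn, which is the unencrypted outcome the paragraph above describes.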
These pre-configured Proposals/Connections are read-only and cannot
be modified. If you have to specify a proposal (other than the default), you
should add a new one via the VPN configuration page. This way you can
control the proposals that become part of a connection.
For the negotiation to succeed, the peer gateway should
also be configured with matching parameters. However, any
specific proposal can be chosen if needed.
This chapter includes the procedure to configure the Access List through
• Basic Access List Configuration
  Access List using IKE
• Advanced Access List Configuration
  Access List using IKE