Manual
106
Chapter 10 - Conguring VPN
ASUS SL1200
Default lifetime
Default lifetime for the pre-congured IKE proposals and IPSec proposals
is 3600 seconds (One hour). It is recommended to set lifetime value
greater than 600 seconds, for a new IKE proposal or IPSec proposal. This
will reduce quick re-keying which will unnecessarily burden the system.
Limits for key length
The maximum key length for pre shared key, cipher key and Authentication
Key is 50characters. If the cipher key length is greater than the length
specified by the encryption algorithm, the key is truncated to the
appropriate length.
Priority of the connections
The allow-ike-io default rule has the highest priority (1). The allow-all
default rule has the lowest priority. At any point of time it is recommended
to maintain this priority. If you add connections below the allow-all rule
(lower priority), it will not have any effect as the corresponding packets will
match the allow-all rule and go without encryption.
These pre-configured Proposals/Connections are read-only and cannot
be modied. If you have to specify a proposal (other than the default), you
should add a new one via the VPN conguration page. This way you can
control the proposals that become part of a connection.
For the negotiation to succeed, the peer gateway should
also be congured with matching parameters. However, any
specic proposal can be chosen if needed.
This chapter includes the procedure to congure the Access List through
GUI:
• Basic Access List Conguration
• Access List using IKE
• Advanced Access List Conguration
• Access List using IKE