Manual
110
Chapter 10 - Conguring VPN
ASUS SL1200
Field Description
IPSec Proposal Settings
IPSec Encryption /
Authentication
Select one of the following pre-congured IKE proposals
from the dropdown list. If All is selected, all the pre-cong-
ured proposals will be associated with existing tunnel and
one (among the set of IPSec proposals) will be selected au-
tomatically and used by IPSec to communicate with its peer.
All
Strong Encryption & Authentica-
tion (ESP 3DES HMAC SHA1)
Strong Encryption & Authentication (ESP 3DES HMAC MD5)
Encryption & Authentication (ESP DES HMAC SHA1)
Encryption & Authentication (ESP DES HMAC MD5)
Authentication (AH SHA1)
Authentication (AH MD5)
Strong Encryption (ESP 3DES)
Encryption (ESP DES)
Authentication (ESP SHA1)
Authentication (ESP MD5)
PFS Group PFS stands for perfect forward secrecy. You may choose
to use the same keys (generated when the IKE tunnel is
created) for all re-negotiations or you can choose to generate
new keys for every re-negotiation. Select
None
to use the
same keys for all the re-negotiations. Select a specic DH
(Diffie-Hellman) group to generate new keys for every re-
negotiation. The supported DH groups are DH-1, DH-2 and
DH-5. The greater the group number, the more secure the
connection is. However, the greater the group number, the
more time it takes to negotiate a tunnel.
Note
: With PFS selected, keys are changed during the
course of a connection and the tunnel is more secure.
However, enabling this option slows down the tunnel negotia-
tion.
Life Times Enter the life time of IPSec security association in seconds,
minutes, hours or days and kilo bytes. Default value is 3600
seconds and 75000 kilo bytes.