AirLive IP-2000VPN User Manual

Direction

Select the desired option:

• Initiator - Only outgoing connections will be created. Incoming connection

attempts will be rejected.

• Responder - Only incoming connections will be accepted. Outgoing traffic

which would otherwise result in a connection will be ignored.

• Both Directions - Both incoming and outgoing connections are allowed.

IKE SA Life Time

This setting does not have to match the remote VPN endpoint; the shorter time will

be used. Although measured in seconds, it is common to use time periods of

several hours, such 28,800 seconds.

DH Group

Select the desired method, and ensure the remote VPN endpoint uses the same

method. The smaller bit size is slightly faster.

IKE PFS

If enabled, PFS (Perfect Forward Security) enhances security by changing the

IPSec key at regular intervals, and ensuring that each key has no relationship to

the previous key. Thus, breaking 1 key will not assist in breaking the next key.

This setting should match the remote endpoint.

IKE Keep Alive

Use Ping to maintain VPN connection. The value is used to set the LAN IP address

of other VPN side’s device.

Click Next to see the following IKE Phase 2 screen.

IKE Phase 2

This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for

IKE and IPSec.

AirLive IP-2000VPN User’s Manual

65