AirLive IP-2000VPN User Manual
IKE Phase 2 (IPSec SA)
IPSec SA Life Time
This setting does not have to match the remote VPN endpoint; the shorter time
will be used. Although measured in seconds, it is common to use time periods of
several hours, such as 28,800 seconds.
IPSec PFS
If enabled, PFS (Perfect Forward Security) enhances security by changing the
IPSec key at regular intervals, and ensuring that each key has no relationship to
the previous key. Thus, breaking 1 key will not assist in breaking the next key.
AH Authentication
AH (Authentication Header) specifies the authentication protocol for the VPN
header, if used.
AH is often NOT used. If you do enable it, ensure the algorithm selected matches
the other VPN endpoint.
ESP Encryption
ESP (Encapsulating Security Payload) provides security for the payload (data)
sent through the VPN tunnel. Generally, you will want to enable both ESP
Encryption and ESP Authentication.
Select the desired method and ensure the remote VPN endpoint uses the same method.
• The 3DES algorithm provides greater security than DES, but is slower.
• The Key Size is available for AES only.
ESP Authentication
Generally, you should enable ESP Authentication. There is little difference
between the available algorithms. Just ensure each endpoint uses the same setting.
For IKE, configuration is now complete. Click "Next" to view the final screen.
On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.
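
The matching rules in the table above can be checked before a tunnel is brought up. The following is an added example, not part of the manual or of AirLive's software: it compares the Phase 2 settings recorded for two endpoints and reports the effective SA lifetime, any mismatches, and any weak selections. The field names and the algorithm labels "MD5" and "SHA1" are assumptions made for the illustration.

```python
# Added example: field names and sample values are constructed for illustration.
from typing import NamedTuple, Optional


class Phase2(NamedTuple):
    """One endpoint's IKE Phase 2 (IPSec SA) settings, as listed in the table."""
    sa_lifetime: int                          # seconds
    esp_encryption: str                       # "DES", "3DES" or "AES"
    esp_authentication: Optional[str]         # None = disabled
    ah_authentication: Optional[str] = None   # None = AH not used
    aes_key_size: Optional[int] = None        # only meaningful for AES


def compare_phase2(local: Phase2, remote: Phase2):
    """Return (effective_lifetime, mismatches, warnings) for two endpoints."""
    mismatches, warnings = [], []

    # The SA lifetime need not match: the shorter value is used.
    effective_lifetime = min(local.sa_lifetime, remote.sa_lifetime)

    # Algorithm selections must be identical on both endpoints.
    for field in ("esp_encryption", "esp_authentication", "ah_authentication"):
        a, b = getattr(local, field), getattr(remote, field)
        if a != b:
            mismatches.append(f"{field}: local={a} remote={b}")

    # Key Size applies to AES only, so compare it only when both ends use AES.
    if local.esp_encryption == remote.esp_encryption == "AES":
        if local.aes_key_size != remote.aes_key_size:
            mismatches.append(
                f"aes_key_size: local={local.aes_key_size} remote={remote.aes_key_size}")

    for name, ep in (("local", local), ("remote", remote)):
        if ep.esp_encryption == "DES":
            warnings.append(f"{name}: DES selected; 3DES provides greater security")
        if ep.esp_authentication is None:
            warnings.append(f"{name}: ESP Authentication is disabled")

    return effective_lifetime, mismatches, warnings


# Constructed sample: lifetimes differ (allowed), ESP authentication differs (not allowed).
LOCAL = Phase2(28800, "3DES", "SHA1")
REMOTE = Phase2(3600, "3DES", "MD5")

if __name__ == "__main__":
    print(compare_phase2(LOCAL, REMOTE))
```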