
PLANET SG-4800 User Manual


Gigabit SSL VPN Security Router User’s Manual

IKE Protocol

The shared key generated by IKE is used to encrypt and authenticate the remote user. If PFS (Perfect Forward Secrecy) is enabled, the Phase 2 shared key generated during the IKE negotiation provides further encryption and authentication. When PFS is enabled, hackers using brute force to capture the key will not be able to get the Phase 2 key in such a short period of time.

| Item | Description |
|---|---|
| Perfect Forward Secrecy | When users check the PFS option, the PFS function of the VPN device and the VPN client must be activated as well. |
| Phase 1/Phase 2 DH Group | This option allows users to select Diffie-Hellman groups: Group 1/Group 2/Group 5. |
| Phase 1/Phase 2 Encryption | This option allows users to set the encryption mode used by this VPN tunnel. Note that this parameter must be identical to the remote encryption parameter: DES (64-bit encryption mode), 3DES (128-bit encryption mode), AES (the standard of using security code to encrypt information). It supports 128-bit, 192-bit, and 256-bit encryption keys. |
| Phase 1/Phase 2 Authentication | This option allows users to set the authentication mode used by this VPN tunnel. Note that this parameter must be identical to the remote authentication mode: "MD5" or "SHA1". |
| Phase 1 SA Life Time | The lifetime of this exchange code is set to 28800 seconds (or 8 hours) by default. This allows another exchange password to be generated automatically within the valid time of the VPN connection so as to guarantee security. |
| Phase 2 SA Life Time | The lifetime of this exchange code is set to 3600 seconds (or 1 hour) by default. This allows another exchange password to be generated automatically within the valid time of the VPN connection so as to guarantee security. |
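
The following Python script is an added example, not part of the manual or the device's software. It validates a local and a remote tunnel configuration against the option values listed above, reports parameters that differ between the two ends (including the DH group, which IKE peers must also agree on), and flags DES, MD5 and DH Group 1 as weak. The dictionary layout, the `AES-128`-style labels, the weak-choice policy and the sample configurations are assumptions of this example.

```python
# Added example, not code from the manual or the device.
# Option values follow the manual's table; the AES-128/192/256 labels,
# the dict layout and the WEAK policy are assumptions of this example.
ALLOWED = {
    "dh_group": {1, 2, 5},
    "encryption": {"DES", "3DES", "AES-128", "AES-192", "AES-256"},
    "authentication": {"MD5", "SHA1"},
}
WEAK = {"dh_group": {1}, "encryption": {"DES"}, "authentication": {"MD5"}}


def audit_tunnel(local, remote):
    """Compare both ends of a tunnel; return (mismatches, weak) findings."""
    mismatches, weak = [], []
    # PFS has to be switched on at both ends or on neither.
    if local["pfs"] != remote["pfs"]:
        mismatches.append(("pfs", local["pfs"], remote["pfs"]))
    for phase in ("phase1", "phase2"):
        for field, allowed in ALLOWED.items():
            ours, theirs = local[phase][field], remote[phase][field]
            for value in (ours, theirs):
                if value not in allowed:
                    raise ValueError(f"{phase}.{field}: unsupported value {value!r}")
            if ours != theirs:
                mismatches.append((f"{phase}.{field}", ours, theirs))
            if ours in WEAK[field]:
                weak.append((f"{phase}.{field}", ours))
    return mismatches, weak


# Constructed sample configurations for the two ends of one tunnel.
LOCAL = {
    "pfs": True,
    "phase1": {"dh_group": 1, "encryption": "DES", "authentication": "MD5"},
    "phase2": {"dh_group": 5, "encryption": "AES-256", "authentication": "SHA1"},
}
REMOTE = {
    "pfs": False,
    "phase1": {"dh_group": 1, "encryption": "DES", "authentication": "MD5"},
    "phase2": {"dh_group": 5, "encryption": "AES-128", "authentication": "SHA1"},
}

if __name__ == "__main__":
    found_mismatches, found_weak = audit_tunnel(LOCAL, REMOTE)
    for name, ours, theirs in found_mismatches:
        print(f"MISMATCH {name}: local={ours} remote={theirs}")
    for name, value in found_weak:
        print(f"WEAK     {name}: {value}")
```

A mismatch on any listed field means the two ends will not agree on a proposal; a weak finding means the tunnel can come up but with a setting the example's policy rejects.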

Advanced Setting - for IKE Preshared Key Only

The advanced settings include Main Mode and Aggressive Mode. Main Mode is the default VPN operation mode. The connection is the same as with most VPN devices.
