Cisco SRP521W-K9-G1 Administration Guide - Page 187

Configuring VPN IPSec Policy 7 IPSec Policy Settings Auto Policy Parameters (options only appear if Auto Policy is selected) PFS Select Enable to enable Perfect Forward Secrecy (PFS). The default is disabled. This feature requires a new Diffie-Hellman exchange for each phase-2 negotiation. While this process is slower, it ensures that no keys are dependent on any other previously used keys. SA Lifetime Enter the IPSec SA life time in seconds. The default is 7800 (130 minutes). Manual Policy Parameters (options only appear if Manual Policy is selected) SPI Incoming Enter a hexidecimal value, for the incoming Security Parameters Index between 0x100 and 0xffffffff. SPI Outgoing Enter a hexdicimal value, for the outgoing Security Parameters Index between 0x100 and 0xffffffff. Encryption Algorithm Key Enter a hexidecimal value for the encryption algorithm key. The length depends on the Encryption Algorithm that you selected. For example, the key length for 3DES is 48 hexadecimal digits. Integrity Algorithm Key Enter a hexadecimal value for the integrity algorithm key. The length of the key depends on the Integrity Algorithm selected. For example, MD5 is 32 hexadecimal digits and SHA-1 is 40 hexadecimal digits. Local Traffic Selection Local IP/IP Address/ Determine which local hosts will be allowed to use the Subnet Mask VPN. Select either a single IP Address, or a subnet (IP Address and Subnet Mask). Remote Traffic Selection Remote IP/IP Address/Subnet Mask Traffic from permitted local hosts to the remote IP address or subnet will be routed via the VPN tunnel. Select either a single IP Address, or a subnet (IP Address and Subnet Mask). Select IKE Policy Choose an IKE Policy to associate with this IPSec Policy. To view all the IKE policies, Click View IKE Table. Cisco SRP500 Series Services Ready Platforms Administration Guide (SRP520 Models) 187