D-Link DFL-260E User Manual for DFL-260E - Page 428
Diffie-Hellman Groups, PFS DH Group, IPsec Encryption, IPsec Authentication, IPsec Lifetime
Page 428 highlights
9.3.2. Internet Key Exchange (IKE)
Chapter 9. VPN

where the identities are also protected, by deleting the phase-1 SA every time a phase-2 negotiation has been finished, making sure no more than one phase-2 negotiation is encrypted using the same key.
PFS is generally not needed, since it is very unlikely that any encryption or authentication keys will be compromised.

PFS DH Group
This specifies the Diffie-Hellman group to use with PFS. The available DH groups are discussed below.

IPsec DH Group
This specifies the Diffie-Hellman group to use for IPsec communication. The available DH groups are discussed below in the section titled Diffie-Hellman Groups.

IPsec Encryption
The encryption algorithm that will be used on the protected IPsec traffic. This is not needed when AH is used, or when ESP is used without encryption.
The algorithms supported by NetDefend Firewall VPNs are:
• AES
• Blowfish
• Twofish
• Cast128
• 3DES
• DES

IPsec Authentication
This specifies the authentication algorithm used on the protected traffic. This is not used when ESP is used without authentication, although it is not recommended to use ESP without authentication.
The algorithms supported by NetDefend Firewall VPNs are:
• SHA1
• MD5

IPsec Lifetime
This is the lifetime of the VPN connection. It is specified in both time (seconds) and data amount (kilobytes). Whenever either of these values is exceeded, a re-key will be initiated, providing new IPsec encryption and authentication session keys. If the VPN connection has not been used during the last re-key period, the connection will be terminated, and re-opened from scratch when the connection is needed again.
This value must be set lower than the IKE lifetime.

Diffie-Hellman Groups
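The IPsec Encryption, IPsec Authentication and IPsec Lifetime rules described above can be checked mechanically before a tunnel definition is deployed. The following Python sketch is an added example, not code from the manual or from NetDefendOS; the `IPsecSettings` container, the function names and the sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

# Algorithm names as listed on this page.
SUPPORTED_ENCRYPTION = {"AES", "Blowfish", "Twofish", "Cast128", "3DES", "DES"}
SUPPORTED_AUTHENTICATION = {"SHA1", "MD5"}

@dataclass
class IPsecSettings:  # hypothetical container, not a NetDefendOS object
    protocol: str                  # "ESP" or "AH"
    encryption: Optional[str]      # None: AH, or ESP without encryption
    authentication: Optional[str]  # None: ESP without authentication
    ipsec_lifetime_s: int          # IPsec lifetime, seconds
    ipsec_lifetime_kb: int         # IPsec lifetime, kilobytes
    ike_lifetime_s: int            # IKE lifetime, seconds

def check_settings(s: IPsecSettings) -> List[str]:
    """Return findings for settings that break a rule stated on this page."""
    findings = []
    if s.protocol == "AH" and s.encryption is not None:
        findings.append("encryption algorithm is not needed when AH is used")
    elif s.encryption is not None and s.encryption not in SUPPORTED_ENCRYPTION:
        findings.append(f"unsupported encryption algorithm: {s.encryption}")
    if s.authentication is None and s.protocol == "ESP":
        findings.append("ESP without authentication is not recommended")
    elif s.authentication is not None and s.authentication not in SUPPORTED_AUTHENTICATION:
        findings.append(f"unsupported authentication algorithm: {s.authentication}")
    if s.ipsec_lifetime_s >= s.ike_lifetime_s:
        findings.append("IPsec lifetime must be lower than the IKE lifetime")
    return findings

def lifetime_action(s, elapsed_s, transferred_kb, used_since_last_rekey):
    """Decide what happens to the connection at this point in its lifetime."""
    if elapsed_s <= s.ipsec_lifetime_s and transferred_kb <= s.ipsec_lifetime_kb:
        return "keep"        # neither limit exceeded yet
    if used_since_last_rekey:
        return "rekey"       # new encryption and authentication session keys
    return "terminate"       # idle: re-opened from scratch when needed again

# Constructed sample values, not defaults taken from the manual.
GOOD = IPsecSettings("ESP", "AES", "SHA1", 3600, 100000, 28800)
BAD = IPsecSettings("ESP", "RC4", None, 28800, 100000, 28800)

if __name__ == "__main__":
    print(check_settings(GOOD))
    for finding in check_settings(BAD):
        print("finding:", finding)
    print(lifetime_action(GOOD, 3601, 10, True))
```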