Edimax ER-1088 Available from Edimax USA Manual - Page 59

Settings - IKE Global Setup

Get Edimax ER-1088 Available from Edimax USA PDF manuals and user guides View all Edimax ER-1088 Available from Edimax USA manuals
Add to My Manuals
Save this manual to your list of manuals

Page 59 highlights

Settings - IKE Global Setup Global List (Phase 1) The list will only show the approximate information of all Global Settings on each WAN port. You can modify it by clicking on a selected row. Global Parameters • Enable Setting - If set to Enable, it enables the VPN function to work. • ISAkmp Port - Internet Security Association and Key Protocol Management (ISAkmp) is designed to negotiate, establish, modify and delete security associations and their attributes. By default, it is assigned UDP port 500 by the IANA. You can set it to use a port other than port 500. The remote IPsec site will attempt to connect on it. • Phase 1 DH Group - There are three levels of cryptography from the Diffie-Hellman group. The DH method illustrates key generation using public key cryptography. It uses the public and secret key information held by both users to generate a key. • Phase 1 Encryption Method - There are three data encryption methods available: DES, 3DES and AES. • Phase 1 Authentication Method - There are two authentication methods available: MD5 and SHA1 (Secure Hash Algorithm) • Phase 1 SA Life Time - By default the Security Association lifetime is 28800 seconds. When it is expired, a new key is re-negotiated. During the negotiation period, the VPN tunnel isn't available. • Retry Counter - This indicates how many times the process of Phase 1 will be restarted if it's unsuccessful. There will be an error message in the VPN log once it is expired. • Retry Interval - This indicates the time period between two consecutive retries. • Maxtime to complete Phase 1 - This indicates the maximum time allowed for negotiation in Phase 1. If it expires, it is recommended to increase the Maxtime period or reduce the DH group level. Default value is 30 sec. • Maxtime to complete Phase 2 - It indicates the maximum time allowed for negotiation in Phase 2. If it expires, it is recommended to increase the Maxtime period or reduce the DH group level. Default value is 30 sec. • Count Per Send - This indicates the maximum amount of duplicate packets to be resent if the remote side does not respond to the first packet. • Force Deletion after Expiry - When set to Enable, once SA has expired, the tunnel session will be removed and all related resources will be cleared. Log Level This function allows you to select which information you want to see on the VPN log. It has six different message levels: None, Critical, Error, Warning, Information and Debug. Page 55

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
Settings – IKE Global Setup
Global List (Phase 1)
The list will only show the approximate information of all Global Settings
on each WAN port. You can modify it by clicking on a selected row.
Global Parameters
Enable
Setting
– If set to Enable, it enables the VPN function to
work.
ISAkmp Port
– Internet Security Association and Key Protocol
Management (ISAkmp) is designed to negotiate, establish, modify
and delete security associations and their attributes. By default, it is
assigned UDP port 500 by the IANA. You can set it to use a port
other than port 500. The remote IPsec site will attempt to connect
on it.
Phase 1 DH Group
There are
three levels of cryptography from
the Diffie-Hellman group. The DH method illustrates key generation
using public key cryptography. It uses the public and secret key
information held by both users to generate a key.
Phase 1 Encryption Method
– There are three data encryption
methods available: DES, 3DES and AES.
Phase 1 Authentication Method
– There are two authentication
methods available: MD5 and SHA1 (Secure Hash Algorithm)
Phase 1 SA Life Time
– By default the Security Association lifetime
is 28800 seconds. When it is expired, a new key is re-negotiated.
During the negotiation period, the VPN tunnel isn’t available.
Retry Counter
– This indicates how many times the process of
Phase 1 will be restarted if it’s unsuccessful. There will be an error
message in the VPN log once it is expired.
Retry Interval
– This indicates the time period between two
consecutive retries.
Maxtime to complete Phase 1
– This indicates the maximum time
allowed for negotiation in Phase 1. If it expires, it is recommended
to increase the Maxtime period or reduce the DH group level.
Default value is 30 sec.
Maxtime to complete Phase 2
– It indicates the maximum time
allowed for negotiation in Phase 2. If it expires, it is recommended
to increase the Maxtime period or reduce the DH group level.
Default value is 30 sec.
Count Per Send
– This indicates the maximum amount of duplicate
packets to be resent if the remote side does not respond to the first
packet.
Force Deletion after Expiry
– When set to
Enable,
once SA has
expired, the tunnel session will be removed and all related
resources will be cleared.
Log Level
This function allows you to select which information you want to see on
the VPN log. It has six different message levels: None, Critical, Error,
Warning, Information and Debug.
Page 55