D-Link DWC-1000 DWC-1000 User's Guide - Page 102

VPN Settings Field Description This section is used when Policy Type = Auto Policy under the General section of this page. These settings configure Phase 2 negotiations and should match the Phase 2 settings on the remote tunnel endpoint. SA Lifetime Enter the duration of the Security Association and select the unit (seconds or Kbytes) from the drop-down list. • Seconds = measures the SA Lifetime in seconds. After the specified number of seconds passes, the Security Association is renegotiated. Default value is 3600 seconds. Minimum value is 300 seconds. • Kbytes = measures the SA Lifetime in kilobytes. After the specified number of kilobytes of data is transferred, the SA is renegotiated. Minimum value is 1920000 KB. When configuring a Lifetime in kilobytes (also known as lifebytes), two SAs are created for each policy. One SA for inbound traffic and one for outbound traffic. Due to differences in the upstream and downstream traffic flows, the SA may expire asymmetrically. For example, if the downstream traffic is very high, the lifebyte for a download stream may expire frequently. The lifebyte of the upload stream may not expire as frequently. Therefore, set the values reasonably to reduce the difference in expiry frequencies of the SAs; otherwise, this asymmetry might exhaust system resources. Lifebyte specifications are recommended for advanced users only. Encryption Algorithm Check the algorithm used to encrypt the data. Integrity Algorithm Check the algorithm used to verify the integrity of the data. PFS Key Group Enables or disables Perfect Forward Secrecy (PFS) to improve security. While slower, this protocol helps to prevent eavesdroppers by ensuring that a Diffie-Hellman exchange is performed for every phase-2 negotiation. Choices are: • Checked = enable PFS. • Unchecked = disable PFS. 102 DWC-1000 Wireless Controller User's Guide