TP-Link TL-R600VPN TL-R600VPN V1 User Guide - Page 53

Encryption Algorithm, IKE Security Policy, PFS Group, Lifetime, Status, Security Protocol,

Get TP-Link TL-R600VPN PDF manuals and user guides View all TP-Link TL-R600VPN manuals
Add to My Manuals
Save this manual to your list of manuals

Page 53 highlights

TL-R600VPN SafeStreamTM Gigabit Broadband VPN Router User Guide Encryption Algorithm: Select the Encryption Algorithm for IPsec policy. The default value is "Auto". IKE Security Policy: Select the IKE Security Policy for IPsec policy. PFS Group: Select the PFS (Perfect Forward Security) for IKE mode to enhance security. This setting should match the remote peer. With PFS feature, IKE negotiates to create a new key in Phase2. As it is independent of the key created in Phase1, this key can be secure even when the key in Phase1 is de-encrypted. Without PFS, the key in Phase2 is created based on the key in Phase1 and thus once the key in Phase1 is de-encrypted, the key in Phase2 is easy to be de-encrypted, in this case, the communication secrecy is threatened. Lifetime: Specify IPsec SA Lifetime for IKE mode. Status: Enable or disable the entry. z Manual Mode Security Protocol: Select the Security Protocol for IPsec. Authentication Algorithm: Select the Authentication Algorithm for IPsec policy. The default value is "SHA1". Encryption Algorithm: Select the Encryption Algorithm for IPsec policy. The default value is "AES256". Incoming SPI: Specify the Incoming SPI (Security Parameter Index) manually. The Incoming SPI here must match the Outgoing SPI value at the other end of the tunnel, and vice versa. In Authentication Specify the inbound AH Authentication Key manually if AH Key: protocol is used in the corresponding IPsec Proposal. The inbound key here must match the outbound AH 47

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
TL-R600VPN
SafeStream
TM
Gigabit Broadband VPN Router User Guide
47
Encryption Algorithm:
Select the Encryption Algorithm for IPsec policy.
The default value is “Auto”.
IKE Security Policy:
Select the IKE Security Policy for IPsec policy.
PFS Group:
Select the PFS (Perfect Forward Security) for IKE
mode to enhance security. This setting should
match the remote peer. With PFS feature, IKE
negotiates to create a new key in Phase2. As it is
independent of the key created in Phase1, this key
can be secure even when the key in Phase1 is
de-encrypted. Without PFS, the key in Phase2 is
created based on the key in Phase1 and thus once
the key in Phase1 is de-encrypted, the key in
Phase2 is easy to be de-encrypted, in this case,
the communication secrecy is threatened.
Lifetime:
Specify IPsec SA Lifetime for IKE mode.
Status:
Enable or disable the entry.
z
Manual Mode
Security Protocol:
Select the Security Protocol for IPsec.
Authentication
Algorithm:
Select the Authentication Algorithm for IPsec policy. The
default value is “SHA1”.
Encryption
Algorithm:
Select the Encryption Algorithm for IPsec policy. The
default value is “AES256”.
Incoming SPI:
Specify the Incoming SPI (Security Parameter Index)
manually. The Incoming SPI here must match the
Outgoing SPI value at the other end of the tunnel, and
vice versa.
In
Authentication
Key:
Specify the inbound AH Authentication Key manually if AH
protocol is used in the corresponding IPsec Proposal. The
inbound key here must match the outbound AH