ZyXEL LTE5121 User Guide - Page 155

Chapter 16 VPN Table 62 IPSec VPN: Add LABEL Perfect Forward Secrecy (PFS) DESCRIPTION Select whether or not you want to enable Perfect Forward Secrecy (PFS) PFS changes the root key that is used to generate encryption keys for each IPSec SA. The longer the key, the more secure the encryption, but also the longer it takes to encrypt and decrypt information. Both routers must use the same DH key group. Choices are: Diffie-Hellman Group2 - use a 1024-bit random number Diffie-Hellman Group5 - use a 1536-bit random number DPD Active Diffie-Hellman Group14 - use a 2048-bit random number Enable Dead Peer Detection (DPD) Active check box if you want the LTE Device to make sure the remote IPSec router is there before it transmits data through the IKE SA. The remote IPSec router must support DPD. If the remote IPSec router does not respond, the LTE Device shuts down the IKE SA. 16.4 VPN Monitor Screen Use this screen to view active VPN connections. The following figure helps explain the main fields in the web configurator. Click Security > VPN > Monitor to open this screen as shown next. Figure 105 Monitor This screen contains the following fields: Table 63 Monitor LABEL DESCRIPTION # This is the VPN policy index number. Status This displays if the VPN policy is connected. Tunnel Name Enter the name of the VPN connection. IPSec Algorithm This displays the encryption algorithm being used for the VPN connection. Refresh Click this button to refresh the information on the screen. 16.5 Technical Reference This section provides some technical background information about the topics covered in this section. LTE-5121 User's Guide 155