ZyXEL Vantage CNM User Guide - Page 482
Table 211
Chapter 20 VPN Community

Table 211 VPN Management > VPN Community > Add/Edit (continued)

FIELD: DESCRIPTION

Perfect Forward Secret (PFS): Select whether or not you want to enable Perfect Forward Secrecy (PFS) and, if you do, which Diffie-Hellman key group to use for encryption. Choices are:
    NONE - disable PFS
    DH1 - enable PFS and use a 768-bit random number
    DH2 - enable PFS and use a 1024-bit random number
PFS changes the root key that is used to generate encryption keys for each IPSec SA. It is more secure but takes more time.

Enable Replay Detection: As a VPN setup is processing intensive, the system is vulnerable to Denial of Service (DOS) attacks. The IPSec receiver can detect and reject old or duplicate packets to protect against replay attacks. Enable replay detection by selecting this check box.

Enable Multiple Proposals: Select this to allow the Vantage CNM to use any of its phase 2 encryption and authentication algorithms when negotiating an IPSec SA. When you enable multiple proposals, the Vantage CNM allows the remote IPSec router to select which phase 2 encryption and authentication algorithms to use for the IPSec SA, even if they are less secure than the ones you configure for the VPN rule. Clear this to have the Vantage CNM use only the configured phase 2 encryption and authentication algorithms when negotiating an IPSec SA.

Apply: Click this to save the changes.

Cancel: Click this to discard all changes and return to the previous screen.
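The replay detection described for the Enable Replay Detection field works by tracking IPSec sequence numbers in a sliding window on the receiver. The Python below is an added example in the style of the RFC 4303 anti-replay check, not ZyXEL code; the 64-packet window, the class and function names, and the sample sequence numbers are assumptions.

```python
WINDOW_SIZE = 64  # assumed window width in packets, not a Vantage CNM setting


class ReplayWindow:
    """Receiver-side anti-replay state for one IPSec SA (hypothetical helper)."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was seen

    def check_and_update(self, seq):
        """Classify a packet that has already passed integrity verification."""
        if seq == 0:
            return "too_old"          # IPSec sequence numbers start at 1
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window forward; entries that fall off are forgotten.
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "too_old"          # left of the window: cannot be verified
        if self.bitmap & (1 << offset):
            return "duplicate"        # replayed packet inside the window
        self.bitmap |= 1 << offset    # late but new: record and accept
        return "accept"


def run_trace(sequence_numbers, size=WINDOW_SIZE):
    """Feed sequence numbers through one window and return each verdict."""
    window = ReplayWindow(size)
    return [window.check_and_update(seq) for seq in sequence_numbers]


# Constructed sample: in-order, reordered, replayed and stale packets.
SAMPLE = [1, 3, 2, 2, 100, 3, 37, 36, 100]

if __name__ == "__main__":
    for seq, verdict in zip(SAMPLE, run_trace(SAMPLE)):
        print(f"seq={seq:<4} {verdict}")
```

A receiver updates the window only after the packet's integrity check succeeds, so forged packets cannot advance it.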