Chapter 10 – Asus SL6000 User Manual


ASUS VPN ADSL Router

Chapter 10


Pre-configured IPSec proposals

IPSec proposals determine the type of encryption and authentication applied to
the traffic that flows between the endpoints of the tunnel.

Default lifetime

The default lifetime for the pre-configured IKE proposals and IPSec proposals is
3600 seconds (one hour). For a new IKE proposal or IPSec proposal, it is
recommended to set a lifetime value greater than 600 seconds. This avoids
frequent re-keying, which would unnecessarily burden the system.

Limits for key length

The maximum key length for the pre-shared key, cipher key and authentication
key is 50 characters. If the cipher key is longer than the length specified
by the encryption algorithm, the key is truncated to the appropriate length.

Priority of the connections

The allow-ike-io default rule has the highest priority (1). The allow-all default
rule has the lowest priority. It is recommended to maintain this priority order
at all times. If you add connections below the allow-all rule (lower priority),
they will not have any effect, because the corresponding packets will match the
allow-all rule and go out without encryption.
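The following is an added example, not taken from the manual or the router firmware, that audits a connection list for entries shadowed by a higher-priority rule such as allow-all. The `Rule` fields, the CIDR selectors, the "encrypt"/"bypass" labels and the connection names other than allow-all are assumptions made for illustration; only address selectors are modelled, so allow-ike-io is left out of the sample.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # 1 = highest priority, evaluated first
    src: str        # source selector as CIDR (assumed representation)
    dst: str        # destination selector as CIDR (assumed representation)
    action: str     # "encrypt" or "bypass" (assumed labels)

def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst)))

def first_match(rules, src_ip, dst_ip):
    """Return the rule a packet hits when rules are tried in priority order."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in sorted(rules, key=lambda r: r.priority):
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r
    return None

def shadowed(rules):
    """Return (rule, shadowing_rule) name pairs for rules that can never match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    findings = []
    for i, low in enumerate(ordered):
        for high in ordered[:i]:
            if covers(high, low):
                findings.append((low.name, high.name))
                break
    return findings

# Constructed sample policy: "partner-vpn" was added below allow-all by mistake.
POLICY = [
    Rule("branch-vpn", 2, "192.168.1.0/24", "10.1.0.0/16", "encrypt"),
    Rule("allow-all", 3, "0.0.0.0/0", "0.0.0.0/0", "bypass"),
    Rule("partner-vpn", 4, "192.168.1.0/24", "172.16.5.0/24", "encrypt"),
]

if __name__ == "__main__":
    for low, high in shadowed(POLICY):
        print(f"{low} is shadowed by {high}: its traffic is never encrypted")
    hit = first_match(POLICY, "192.168.1.10", "172.16.5.20")
    print("partner traffic matches:", hit.name, "->", hit.action)
```

Running the audit after every change to the connection list catches a tunnel definition that silently sends its traffic in the clear.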

Important: Pre-configured proposals and connections are read-only and
cannot be modified. If you have to specify a proposal (other than the
default), you should add a new one via the VPN configuration page.
This way you can control the proposals that become part of a
connection.

Note: For the negotiation to succeed, the peer gateway should also
be configured with matching parameters. However, if needed, any
specific proposal can be chosen.

This chapter includes the procedures for configuring the Access List through the GUI:

Basic Access List Configuration

* Access List using IKE

* Access List using Manual Keys

Advanced Access List Configuration

* Access List using IKE

* Access List using Manual Keys
