CTEK Z4200U SkyRouter User Manual

2 March 2014

41

selection choices with this panel for Phase 1 and Phase 2 are identical but repeated so that different choices can be
applied to Phase 1 and Phase 2

Phase 1 and Phase 2

Encryption - Choices are 3des, or aes.

Authentication - Choices are sha1, or md5

DH Group - Defines what size modulus to use for Diffie-Hellman calculation. Choices are 768,1024, 1536, or 2048

PFS DH Group - Choices are No PFS, 768,1024, 1536, or 2048. You specify the Diffie-Hellman group in Phase 2
only when you select Perfect Forward Secrecy (PFS). PFS makes keys more secure because new keys are not
made from previous keys. When you specify PFS during Phase 2, a Diffie-Hellman exchange occurs each time a
new SA is negotiated. The DH group you choose for Phase 2 does not need to match the group you choose for
Phase 1.

SA Lifetime (Phase 1 & Phase 2) - The lifetime parameter controls the duration (in minutes) for which the SA is
valid. A zero (0) setting disables SA Lifetime timeouts.

4.4.5 Admin Screen Services

This service allows the user to control overall local and remote administrative access.

Figure 32 - Admin Screen Control

Port Number For LAN Admin Screens – Causes the LAN side web server to listen on the specified port.

Port Number For WAN Admin Screens – Causes the WAN side web server to listen on the specified port.

Allow Network Access To Admin Screens – If set to Yes administrative users will be able to connect to router’s Admin
interface over the cellular network connection. If this selection is set to No only local administration is possible.