VPN Group Configuration IKE Configuration Tab, Transform, Perfect Forward Secrecy – Compatible Systems 5.4 User Manual

Chapter 7 - VPN Client Tunnels

VPN Group Configuration IKE Configuration Tab

Transform

This specifies the protection types and algorithms that will be used for IKE
tunnel sessions for this group configuration. Each option is a protection piece
which specifies authentication and/or encryption parameters.

Use the Move Up and Move Down buttons to arrange the priority of the
protection options.

Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) allows you to add an additional security
parameter to tunnel sessions. PFS means that every time encryption and/or
authentication keys are computed, a new Diffie-Hellman Key Exchange is
included.

Diffie-Hellman Key Exchange uses a complex algorithm and public and
private keys to encrypt and then decrypt tunneled data. Adding PFS to a
tunneled session greatly increases the difficulty of finding the session keys
used to encrypt a VPN session. It also means that even if the keys are
somehow cracked, only a portion of the traffic is recoverable.

If No PFS is selected, this security parameter will not be added for this
group configuration.

If Phase 1 Group is selected, the group used in Phase 1 of the IKE
negotiation is used as the group for the PFS Diffie-Hellman Key Exchange.
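
The effect of the PFS setting on rekeying can be seen in a simplified model of IKEv1-style key derivation. This is an added example, not code from the manual or the product; the toy 127-bit group and the names `rekey` and `keys_recoverable` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy-sized DH group for illustration only (assumption): a 127-bit Mersenne
# prime. Real IKE groups are the much larger MODP groups.
P = 2**127 - 1
G = 3


def dh_shared_secret() -> bytes:
    """Run one Diffie-Hellman exchange; both private values are then discarded."""
    a = secrets.randbelow(P - 2) + 1      # initiator's private value
    b = secrets.randbelow(P - 2) + 1      # responder's private value
    shared_i = pow(pow(G, b, P), a, P)    # initiator computes (g^b)^a
    shared_r = pow(pow(G, a, P), b, P)    # responder computes (g^a)^b
    assert shared_i == shared_r
    return shared_i.to_bytes(16, "big")


def rekey(phase1_secret: bytes, nonces: bytes, pfs: bool) -> bytes:
    """Derive one tunnel session key: prf(phase1_secret, [g^xy |] nonces)."""
    # With PFS, a fresh DH result is mixed in on every rekey.
    fresh = dh_shared_secret() if pfs else b""
    return hmac.new(phase1_secret, fresh + nonces, hashlib.sha256).digest()


def keys_recoverable(pfs: bool, rekeys: int = 3) -> int:
    """Count session keys that can be recomputed from the Phase 1 secret and
    the rekey nonces alone, i.e. after the long-lived secret is exposed."""
    phase1_secret = dh_shared_secret()
    recovered = 0
    for _ in range(rekeys):
        nonces = secrets.token_bytes(32)  # constructed sample nonces
        real_key = rekey(phase1_secret, nonces, pfs)
        # Recomputation without the per-rekey DH private values:
        guess = hmac.new(phase1_secret, nonces, hashlib.sha256).digest()
        recovered += hmac.compare_digest(real_key, guess)
    return recovered
```

With No PFS every session key in the model follows from the Phase 1 secret; with PFS each key also depends on a Diffie-Hellman result whose private values no longer exist.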
