Edimax Technology ER-1088 User Manual

Settings – IKE Global Setup

Global List (Phase 1)

The list shows only a summary of the Global Settings for each WAN port.
To modify an entry, click on its row.

Global Parameters

Enable Setting – When set to Enable, the VPN function is turned on.

ISAkmp Port – The Internet Security Association and Key Management
Protocol (ISAKMP) is designed to negotiate, establish, modify and
delete security associations and their attributes. By default, it is
assigned UDP port 500 by the IANA. You can set it to use a port other
than port 500. The remote IPsec site will attempt to connect on this
port.

Phase 1 DH Group – Three Diffie-Hellman (DH) group levels are
available. The DH method generates a key using public key
cryptography: it uses the public and secret key information held by
both users to generate a key.

Phase 1 Encryption Method – There are three data encryption methods
available: DES, 3DES and AES.

Phase 1 Authentication Method – There are two authentication methods
available: MD5 and SHA1 (Secure Hash Algorithm).

Phase 1 SA Life Time – By default the Security Association lifetime is
28800 seconds. When it expires, a new key is negotiated. During the
negotiation period, the VPN tunnel isn’t available.

Retry Counter – This indicates how many times the Phase 1 process will
be restarted if it is unsuccessful. Once the retries are used up, an
error message is written to the VPN log.

Retry Interval – This indicates the time period between two consecutive
retries.

Maxtime to complete Phase 1 – This indicates the maximum time allowed
for negotiation in Phase 1. If it expires, it is recommended to
increase the Maxtime period or reduce the DH group level. Default value
is 30 sec.

Maxtime to complete Phase 2 – This indicates the maximum time allowed
for negotiation in Phase 2. If it expires, it is recommended to
increase the Maxtime period or reduce the DH group level. Default value
is 30 sec.

Count Per Send – This indicates the maximum number of duplicate packets
to be resent if the remote side does not respond to the first packet.

Force Deletion after Expiry – When set to Enable, once the SA has
expired, the tunnel session will be removed and all related resources
will be cleared.
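
Added example (not from the Edimax manual): a Python check that decodes the Phase 1 proposal an IKEv1 peer sends to the ISAkmp port and reports which of the encryption, authentication and DH group options described above it offers. The packet bytes are constructed, and the names `SAMPLE`, `parse_attrs`, `phase1_transforms` and `audit`, the fixed 4-byte situation field and the policy in `audit` (flag DES, MD5 and DH groups 1 and 2) are this example's assumptions.

```python
import struct

# Constructed sample (not a capture): ISAKMP Main Mode message 1, two transforms.
SAMPLE = bytes.fromhex(
    "1122334455667788" "0000000000000000" "01100200" "00000000" "0000007c"
    "00000060" "00000001" "00000001"           # SA payload, IPsec DOI
    "00000054" "01010002"                      # proposal 1, 2 transforms
    "03000024" "01010000" "80010001" "80020001" "80030001" "80040002"
    "800b0001" "000c000400007080"              # transform 1
    "00000028" "02010000" "80010007" "800e0080" "80020002" "80030001"
    "80040005" "800b0001" "000c000400007080"   # transform 2
)
ENC, HASH = {1: "DES", 5: "3DES", 7: "AES"}, {1: "MD5", 2: "SHA1"}  # RFC 2409 values

def parse_attrs(data):
    """Decode SA attributes: TV form (high bit set) or TLV form."""
    out, i = {}, 0
    while i + 4 <= len(data):
        atype, val = struct.unpack_from(">HH", data, i)
        i += 4
        if atype & 0x8000:                     # TV: value is inline
            out[atype & 0x7FFF] = val
        else:                                  # TLV: val is the value length
            if i + val > len(data):
                raise ValueError("truncated attribute")
            out[atype] = int.from_bytes(data[i:i + val], "big")
            i += val
    return out

def phase1_transforms(pkt):
    """List the transforms offered in the SA payload that follows the header."""
    if len(pkt) < 48 or pkt[16] != 1:          # next-payload 1 = SA
        raise ValueError("no SA payload after the ISAKMP header")
    off = 28 + 12                              # header + SA header/DOI/situation
    count, off = pkt[off + 7], off + 8 + pkt[off + 6]   # skip proposal header + SPI
    found = []
    for _ in range(count):
        length = int.from_bytes(pkt[off + 2:off + 4], "big")
        if length < 8 or off + length > len(pkt):
            raise ValueError("bad transform length")
        a = parse_attrs(pkt[off + 8:off + length])
        found.append({"enc": ENC.get(a.get(1)), "hash": HASH.get(a.get(2)),
                      "dh_group": a.get(4), "lifetime": a.get(12)})
        off += length
    return found

def audit(t):
    """Example policy (an assumption): flag DES, MD5 and MODP groups 1 and 2."""
    return [name for name, bad in (("DES", t["enc"] == "DES"), ("MD5", t["hash"] == "MD5"),
            ("DH group %s" % t["dh_group"], t["dh_group"] in (1, 2))) if bad]
```

Lowering the DH group to get past a Phase 1 timeout, as the Maxtime entries suggest, moves a proposal toward the groups this check flags, so try raising the Maxtime value first.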

Log Level

This function allows you to select which information you want to see in
the VPN log. It has six different message levels: None, Critical, Error,
Warning, Information and Debug.
