Edimax Technology ER-1088 User Manual


Key Management

Key Type – Two key types are available for key exchange management: Manual Key and Auto Key.

Manual Key – If Manual Key is selected, no key negotiation is needed. The following fields must be set:

1. Encryption Key – This field specifies the key used to encrypt and decrypt IP traffic.

2. Authentication Key – This field specifies the key used to authenticate IP traffic.

3. Inbound/Outbound SPI (Security Parameter Index) – This information is carried in the ESP header. Each tunnel must have a unique inbound and outbound SPI, and no two tunnels may share the same SPI. Note that the inbound SPI must match the other router’s outbound SPI.
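The SPI rules in item 3 can be checked on paper before the values are entered on both routers. The following Python check is an added example, not taken from the Edimax manual or firmware; the `ManualTunnel` record, the router and tunnel names, the SPI values, and the assumption that a tunnel carries the same name on both routers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ManualTunnel:
    name: str          # tunnel name, assumed identical on both routers
    peer: str          # router at the other end of the tunnel
    inbound_spi: int
    outbound_spi: int

def audit_spis(routers):
    """Return findings for a {router: [ManualTunnel, ...]} mapping."""
    findings = []
    for router, tunnels in routers.items():
        owner = {}  # SPI value -> tunnel that first used it on this router
        for t in tunnels:
            # Rule 1: no two tunnels on one router share an SPI value.
            for direction, spi in (("inbound", t.inbound_spi),
                                   ("outbound", t.outbound_spi)):
                first = owner.setdefault(spi, t.name)
                if first != t.name:
                    findings.append(f"{router}/{t.name}: {direction} SPI "
                                    f"{spi:#x} is already used by tunnel {first}")
            # Rule 2: our inbound SPI must equal the peer's outbound SPI.
            remote = next((r for r in routers.get(t.peer, [])
                           if r.name == t.name and r.peer == router), None)
            if remote is None:
                findings.append(f"{router}/{t.name}: no matching tunnel on {t.peer}")
            elif t.inbound_spi != remote.outbound_spi:
                findings.append(f"{router}/{t.name}: inbound SPI {t.inbound_spi:#x} "
                                f"!= {t.peer} outbound SPI {remote.outbound_spi:#x}")
    return findings

# Constructed sample: two routers, two manual-key tunnels each.
SAMPLE = {
    "site-a": [ManualTunnel("branch", "site-b", 0x1001, 0x2001),
               ManualTunnel("backup", "site-b", 0x1002, 0x2001)],  # reuses 0x2001
    "site-b": [ManualTunnel("branch", "site-a", 0x2001, 0x1001),
               ManualTunnel("backup", "site-a", 0x2002, 0x1002)],
}

if __name__ == "__main__":
    for line in audit_spis(SAMPLE):
        print(line)
```

A single reused value on one router produces two findings here: the duplicate on site-a and the resulting inbound/outbound mismatch seen from site-b.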

AutoKey (IKE) – Two operation modes can be used in Phase 1 negotiation:

1. Main Mode – Accomplishes a Phase 1 IKE exchange by establishing a secure channel.

2. Aggressive Mode – This is another way of accomplishing a Phase 1 exchange. It is faster and simpler than Main Mode but does not provide identity protection for the negotiating nodes.

Perfect Forward Secrecy (PFS) – If PFS is enabled, Phase 2 IKE negotiation will generate new key data for IP traffic encryption and authentication. With PFS set to Enable, an attacker who uses brute force to break encryption keys is not able to obtain other or future IPSec keys.

Preshared Key – This field is used to authenticate the remote IKE peer. It is a “pass code” or “password” that must be the same on both the local site and the remote site. Otherwise the VPN tunnel will not be established.

Key Lifetime – This specifies the lifetime of the IKE-generated key. If the time expires or the passed data exceeds the allowed volume, a new key will be renegotiated. By default, 0 is set for No Limit.

Security Association List

The list will display the details of all Policy Setup configuration data
that you have entered. Modification can be made by clicking on a
selected row.
