Asus SL1200 User Manual


Chapter 10 - Configuring VPN

ASUS SL1200

Default lifetime
The default lifetime for the pre-configured IKE proposals and IPSec proposals is 3600 seconds (one hour). For a new IKE proposal or IPSec proposal, it is recommended to set a lifetime value greater than 600 seconds. This reduces frequent re-keying, which would unnecessarily burden the system.

Limits for key length
The maximum key length for the pre-shared key, cipher key and authentication key is 50 characters. If the cipher key is longer than the length specified by the encryption algorithm, the key is truncated to the appropriate length.

Priority of the connections
The allow-ike-io default rule has the highest priority (1). The allow-all default rule has the lowest priority. It is recommended to maintain this priority at all times. If you add connections below the allow-all rule (lower priority), they will not have any effect, as the corresponding packets will match the allow-all rule and go without encryption.
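
The ordering problem described above can be checked offline before a policy is applied. The following is an added example, not code from the manual or from the device: it models rules as an ordered, first-match list and reports any connection that an earlier rule fully covers. The `Rule` fields, the sample networks, the `branch-vpn` and `lab-vpn` names, and the assumption that allow-ike-io matches only IKE (UDP port 500) are illustrative.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    service: str  # "any" or a single service such as "udp/500"
    action: str   # "ipsec" = encrypt, "bypass" = forward unencrypted

def covers(outer, inner):
    """True when every packet that matches `inner` also matches `outer`."""
    net = ipaddress.ip_network
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.service in ("any", inner.service))

def shadowed_rules(policy):
    """Policy is ordered highest priority first and the first match wins.
    Returns (rule, earlier_rule, earlier_action) for each rule that can never match."""
    findings = []
    for i, rule in enumerate(policy):
        for earlier in policy[:i]:
            if covers(earlier, rule):
                findings.append((rule.name, earlier.name, earlier.action))
                break
    return findings

# Constructed sample policy; the networks and the two VPN names are made up.
# Assumption: allow-ike-io matches only IKE (UDP port 500).
POLICY = [
    Rule("allow-ike-io", "0.0.0.0/0", "0.0.0.0/0", "udp/500", "bypass"),
    Rule("branch-vpn", "192.168.1.0/24", "10.0.2.0/24", "any", "ipsec"),
    Rule("allow-all", "0.0.0.0/0", "0.0.0.0/0", "any", "bypass"),
    Rule("lab-vpn", "192.168.1.0/24", "10.0.3.0/24", "any", "ipsec"),  # misplaced
]

if __name__ == "__main__":
    for name, by, action in shadowed_rules(POLICY):
        print(f"{name} never matches: shadowed by {by} ({action})")
```

A finding whose shadowing action is `bypass` is the case the manual describes: traffic intended for the tunnel leaves unencrypted.
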
These pre-configured Proposals/Connections are read-only and cannot be modified. If you have to specify a proposal (other than the default), you should add a new one via the VPN configuration page. This way you can control the proposals that become part of a connection.

For the negotiation to succeed, the peer gateway should also be configured with matching parameters. However, any specific proposal can be chosen if needed.

This chapter includes the procedure to configure the Access List through the GUI:

• Basic Access List Configuration

• Access List using IKE

• Advanced Access List Configuration

• Access List using IKE
