Asus SL1200 User Manual

110

Chapter 10 - Configuring VPN

ASUS SL1200

Field

Description

IPSec Proposal Settings
IPSec Encryption /

Authentication

Select one of the following pre-configured IKE proposals

from the dropdown list. If All is selected, all the pre-config-

ured proposals will be associated with existing tunnel and

one (among the set of IPSec proposals) will be selected au-

tomatically and used by IPSec to communicate with its peer.
All
Strong Encryption & Authentica-

tion (ESP 3DES HMAC SHA1)
Strong Encryption & Authentication (ESP 3DES HMAC MD5)
Encryption & Authentication (ESP DES HMAC SHA1)
Encryption & Authentication (ESP DES HMAC MD5)
Authentication (AH SHA1)
Authentication (AH MD5)
Strong Encryption (ESP 3DES)
Encryption (ESP DES)
Authentication (ESP SHA1)
Authentication (ESP MD5)

PFS Group

PFS stands for perfect forward secrecy. You may choose

to use the same keys (generated when the IKE tunnel is

created) for all re-negotiations or you can choose to generate

new keys for every re-negotiation. Select

None to use the

same keys for all the re-negotiations. Select a specific DH

(Diffie-Hellman) group to generate new keys for every re-

negotiation. The supported DH groups are DH-1, DH-2 and

DH-5. The greater the group number, the more secure the

connection is. However, the greater the group number, the

more time it takes to negotiate a tunnel.
Note: With PFS selected, keys are changed during the

course of a connection and the tunnel is more secure.

However, enabling this option slows down the tunnel negotia-

tion.

Life Times

Enter the life time of IPSec security association in seconds,

minutes, hours or days and kilo bytes. Default value is 3600

seconds and 75000 kilo bytes.