AirLive IP-2000VPN User Manual
Page 68
 
Direction
Select the desired option:
• Initiator - Only outgoing connections will be created. Incoming connection
attempts will be rejected.
• Responder - Only incoming connections will be accepted. Outgoing traffic
which would otherwise result in a connection will be ignored.
• Both Directions - Both incoming and outgoing connections are allowed.
IKE SA Life Time
This setting does not have to match the remote VPN endpoint; the shorter time will
be used. Although measured in seconds, it is common to use time periods of
several hours, such 28,800 seconds.
DH Group
Select the desired method, and ensure the remote VPN endpoint uses the same
method. The smaller bit size is slightly faster.
IKE PFS
If enabled, PFS (Perfect Forward Security) enhances security by changing the
IPSec key at regular intervals, and ensuring that each key has no relationship to
the previous key. Thus, breaking 1 key will not assist in breaking the next key.
This setting should match the remote endpoint.
IKE Keep Alive
Use Ping to maintain VPN connection. The value is used to set the LAN IP address
of other VPN side’s device.
Click Next to see the following IKE Phase 2 screen.
IKE Phase 2
This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for
IKE and IPSec.
AirLive IP-2000VPN User’s Manual
65