Verifying the connectivity of the ipsec vpn tunnel – TP-Link Omada ER8411 VPN Router User Manual

Configuring VPN

IPSec VPN Configuration

User Guide 149

■

Configuring the IKE Phase-2 Parameters

Choose the menu

VPN > IPSec > IPSec Policy

and click

Advanced Settings

to load the

following page.

Figure 2-3 

Configuring the IKE Phase-2 Parameters

In the

Phase-2 Settings

section, configure the IKE phase-2 parameters and click

OK

.

Encapsulation

Mode

Specify the Encapsulation Mode as Tunnel Mode or Transport Mode. When both ends

of the tunnel are hosts, either mode can be chosen. When at least one of the endpoints

of a tunnel is a security gateway, tunnel mode is recommended to ensure safety.

Proposal

Select the proposal for IKE negotiation phase 2 to specify the encryption algorithm,

authentication algorithm and protocol. Up to four proposals can be selected.

PFS

Select the DH group to enable PFS (Perfect Forward Security) for IKE mode, then the

key generated in phase 2 will be irrelevant with the key in phase 1, which enhance the

network security.

If you select None, it means PFS is disabled and the key in phase 2 will be generated

based on the key in phase 1.

SA Lifetime

Specify IPSec SA (Security Association) Lifetime in IKE negotiation. If the SA lifetime

expired, the related IPSec SA will be deleted.