103
SA (Security Association)
A Security Association (SA) is the establishment of shared security attributes
between two network entities to support secure communication.
An SA may include attributes such as:
cryptographic algorithm and mode; traffic encryption key; and parameters for the
network data to be passed over the connection.
Establishment of an SA is described in RFC 2408, the Internet Security
Association and Key Management Protocol.
This page allows you to configure SA.
IKE (Phase 1) Proposal
Exchange
Select Main Mode or Aggressive Mode for IKE Phase 1 negotiation.
• Main Mode: Select this option to configure the standard
negotiation parameters for IKE Phase 1 of the VPN Tunnel.
(Recommended Setting)
• Aggressive Mode: Select this option to configure IKE Phase 1 of
the VPN Tunnel to carry out negotiation in a shorter amount of
time. (Not Recommended - Less Secure)
DH Group
Select a DH Group from the drop-down menu (Group 1, Group2,
Group5 and Group14). As the DH Group number increases, the
higher the level of encryption implemented for IKE Phase 1.
Encryption
The WLR4002 supports DES, 3DES, AES128, AES192, AES256
encryption methods for traffic through the VPN.
Authentication
The WLR4002 supports SHA1, MD5 methods for authentication.
Life Time Enter the number of seconds for the IKE Lifetime. The
period of time to pass before establishing a new IKE security
association (SA) with the remote endpoint. The default value is
28800.