104
IPSec (Phase 2) Proposal
Protocol
Select ESP (Encapsulating Security Payload) or AH (Authentication
Header) for traffic through the VPN.
• AH (Authentication Header) to provide connectionless
integrity and data origin authentication for IP datagrams and to
provide protection against replay attacks.
• ESP (Encapsulating Security Payload) to provide
confidentiality, data origin authentication, connectionless integrity,
an anti-replay service (a form of partial sequence integrity), and
limited traffic flow confidentiality.
Encryption
The WLR4002 supports DES, 3DES, AES128, AES192, AES256
encryption methods for traffic through the VPN.
Authentication
The WLR4002 supports SHA1, MD5 methods for authentication.
Perfect Forward Secrecy
Select Enable or Disable to enable or disable PFS (Perfect Forward
Secrecy). PFS is an additional security protocol.
DH Group
Select a PFS DH Group from the drop-down menu (Group 1,
Group2, Group5, Group14). As the DH Group number increases,
the higher the level of encryption implemented for PFS.
Life Time
Enter the number of seconds for the IPSec Lifetime. The period of
time to pass before establishing a new IPSec security association
(SA) with the remote endpoint. The default value is 28800.
Network
This page allows you to configure the VPN server and
local/remote subnet.
Security Gateway Type Security Gateway Type supports IP Address and
Domain Name. Select one of them.
Security Gateway The IP address or domain name of the VPN server.
Local Network Enter the local (LAN) subnet and mask.
(ex. 192.168.0.0/255.255.255.0)
Remote Network Enter the remote subnet and mask.
(ex. 192.168.9.0/255.255.255.0)