Cisco Systems 2.5 Network Router User Manual


Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 14 Enhanced Easy VPN
Transform Set Columns
Use the two columns at the top of the dialog to specify the transform sets that you
want to include in the profile. The left-hand column contains the transform sets
configured on the router. To add a configured transform set to the profile, select it
and click the >> button. If there are no transform sets in the left-hand column, or
if you need a transform set that has not been created, click Add and create the
transform set in the displayed dialog.
Time Based IPSec SA Lifetime
Click Time Based IPSec SA Lifetime if you want a new SA to be established
after a set period of time has elapsed. Enter the time period in the HH:MM:SS
fields to the right. The range is from 0:2:0 (2 minutes) to 24:0:0 (24 hours).
Traffic Volume Based IPSec SA Lifetime
Click Traffic Volume Based IPSec SA Lifetime if you want a new SA to be
established after a specified amount of traffic has passed through the IPSec tunnel.
Enter the number of kilobytes that should pass through the tunnel before an
existing SA is taken down and a new one is established. The range is from 2560
KB to 536870912 KB.
IPSec SA Idle Time
Click IPSec SA Idle Time if you want a new SA to be established after the peer
has been idle for a specified amount of time. Enter the idle time period in the
HH:MM:SS fields to the right. The range is from 0:1:0 (one minute) to 24:0:0 (24
hours).
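The three SA lifetime settings above correspond to set security-association commands in an IOS IPsec profile. The following is an added example, not taken from the Cisco guide: it checks dialog-style values against the ranges stated above and renders the matching commands. The mapping from this dialog to these commands is an assumption, and the profile and transform set names are hypothetical.

```python
import re

# Ranges as stated in the dialog description above.
LIFETIME_S = (2 * 60, 24 * 3600)   # 0:2:0 .. 24:0:0
VOLUME_KB = (2560, 536870912)      # kilobytes
IDLE_S = (1 * 60, 24 * 3600)       # 0:1:0 .. 24:0:0

def hms_to_seconds(text):
    """Convert an HH:MM:SS field value such as '1:30:0' to seconds."""
    m = re.fullmatch(r"(\d{1,2}):(\d{1,2}):(\d{1,2})", text.strip())
    if not m:
        raise ValueError(f"not HH:MM:SS: {text!r}")
    h, mi, s = (int(g) for g in m.groups())
    if mi > 59 or s > 59:
        raise ValueError(f"minutes/seconds out of range: {text!r}")
    return h * 3600 + mi * 60 + s

def _check(name, value, bounds):
    """Return value if it lies inside the inclusive bounds, else raise."""
    lo, hi = bounds
    if not lo <= value <= hi:
        raise ValueError(f"{name} {value} outside {lo}..{hi}")
    return value

def render_profile(name, transform_sets, lifetime=None, volume_kb=None, idle=None):
    """Return IOS lines for the enabled settings (None = option not selected)."""
    lines = [f"crypto ipsec profile {name}"]
    if transform_sets:
        lines.append(" set transform-set " + " ".join(transform_sets))
    if lifetime is not None:
        secs = _check("lifetime", hms_to_seconds(lifetime), LIFETIME_S)
        lines.append(f" set security-association lifetime seconds {secs}")
    if volume_kb is not None:
        kb = _check("volume", int(volume_kb), VOLUME_KB)
        lines.append(f" set security-association lifetime kilobytes {kb}")
    if idle is not None:
        secs = _check("idle time", hms_to_seconds(idle), IDLE_S)
        lines.append(f" set security-association idle-time {secs}")
    return lines

if __name__ == "__main__":
    # Constructed sample values; both names below are hypothetical.
    print("\n".join(render_profile("EZVPN-PROFILE", ["ESP-AES-SHA"],
                                   lifetime="1:0:0", volume_kb=4608000,
                                   idle="0:10:0")))
```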
Perfect Forwarding Secrecy
Click Perfect Forwarding Secrecy if IPSec should ask for perfect forward
secrecy (PFS) when requesting new security associations for this virtual template
interface, or should require PFS in requests received from the peer. You can
specify the following values:
group1—The 768-bit Diffie-Hellman prime modulus group is used to encrypt
the PFS request.
group2—The 1024-bit Diffie-Hellman prime modulus group is used to
encrypt the PFS request.