Planet Technology ADE-4200 Network Router User Manual

PLANET ADSL VPN / Firewall Router
¤ DES: Stands for Data Encryption Standard; it uses a 56-bit key.
¤ 3DES: Stands for Triple Data Encryption Standard; it uses a 168-bit (56*3) key.
¤ AES: Stands for Advanced Encryption Standard; it uses a 128-bit key.
Perfect Forward Secrecy: Choose whether to enable PFS, which uses Diffie-Hellman public-key cryptography to change the encryption keys during the second phase of VPN negotiation. This provides better security but extends the VPN negotiation time. Diffie-Hellman is a public-key protocol that allows two parties to establish a shared secret over an unsecured communication channel. There are three modes: MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.
Pre-shared Key: This is the key for the Internet Key Exchange (IKE) protocol, a string of 4 to 128 characters. Both sides must use the same key. IKE is used to establish a shared security policy and authenticated keys for services (such as IPSec) that require keys. Before any IPSec traffic can pass, each router must be able to verify the identity of its peer. This can be done by manually entering the pre-shared key on both sides (routers or hosts).
Click Advanced Option to get the following figure.
SA Lifetime: Specify the number of minutes that a Security Association (SA) stays active before new encryption and authentication keys are exchanged. There are two kinds of SA, IKE and IPSec. IKE negotiates and establishes SAs on behalf of IPSec; the IKE SA is used by IKE itself.
Phase 1 (IKE): Issues the initial connection request for a new VPN tunnel. Default 240 minutes; range from 5 to 15,000 minutes.
Phase 2 (IPSec): Negotiates and establishes secure authentication. Default 60 minutes; range from 5 to 15,000 minutes.
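As an added example (not part of the manual), the following Python check applies the limits stated above to a tunnel configuration and flags the choices a defender would want to revisit; the TunnelConfig field names, the "off" PFS value and the 20-character pre-shared key threshold are assumptions.

```python
from dataclasses import dataclass

# Values quoted from the manual: key sizes per encryption method, the PFS
# groups offered, the SA lifetime range (minutes) and the pre-shared key range.
ENC_KEY_BITS = {"DES": 56, "3DES": 168, "AES": 128}
PFS_GROUPS = {"off", "MODP 768-bit", "MODP 1024-bit", "MODP 1536-bit"}
LIFETIME_MIN, LIFETIME_MAX = 5, 15000
PSK_MIN, PSK_MAX = 4, 128
PSK_RECOMMENDED = 20  # assumed threshold, not from the manual


@dataclass
class TunnelConfig:
    """One IPSec tunnel as configured on the router (field names assumed)."""
    encryption: str
    pfs: str
    pre_shared_key: str
    phase1_lifetime: int = 240  # manual default for the IKE SA, minutes
    phase2_lifetime: int = 60   # manual default for the IPSec SA, minutes


def check_tunnel(cfg: TunnelConfig) -> list[str]:
    """Return findings for settings outside the manual's limits or weaker
    than a defender would accept; an empty list means nothing to flag."""
    findings = []
    bits = ENC_KEY_BITS.get(cfg.encryption)
    if bits is None:
        findings.append(f"unknown encryption method {cfg.encryption!r}")
    elif bits < 112:
        # DES's 56-bit key has been exhaustively searchable for years.
        findings.append(f"{cfg.encryption}: {bits}-bit key is below 112 bits")
    if cfg.pfs not in PFS_GROUPS:
        findings.append(f"unknown PFS setting {cfg.pfs!r}")
    elif cfg.pfs == "off":
        findings.append("PFS off: a recovered phase 1 secret exposes phase 2 keys")
    elif cfg.pfs == "MODP 768-bit":
        findings.append("MODP 768-bit is too small; use MODP 1536-bit")
    n = len(cfg.pre_shared_key)
    if not PSK_MIN <= n <= PSK_MAX:
        findings.append(f"pre-shared key length {n} outside {PSK_MIN}-{PSK_MAX}")
    elif n < PSK_RECOMMENDED:
        findings.append(f"pre-shared key shorter than {PSK_RECOMMENDED} characters")
    for phase, minutes in (("phase 1", cfg.phase1_lifetime),
                           ("phase 2", cfg.phase2_lifetime)):
        if not LIFETIME_MIN <= minutes <= LIFETIME_MAX:
            findings.append(f"{phase} SA lifetime {minutes} min outside "
                            f"{LIFETIME_MIN}-{LIFETIME_MAX}")
    return findings
```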
A short SA lifetime increases security by forcing the two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel will be