IPSec (Phase 2) Proposal
Protocol
Select ESP (Encapsulating Security Payload) or AH (Authentication Header) for
traffic through the VPN.
• AH (Authentication Header) to provide connectionless integrity and data
origin authentication for IP datagrams and to provide protection against replay
attacks.
• ESP (Encapsulating Security Payload) to provide confidentiality, data origin
authentication, connectionless integrity, an anti-replay service (a form of partial
sequence integrity), and limited traffic flow confidentiality.
Encryption
The WLR-6001 supports DES, 3DES, AES128, AES192, AES256 encryption
methods for traffic through the VPN.
Authentication
The WLR-6001 supports SHA1, MD5 methods for authentication.
Perfect Forward Secrecy
Select Enable or Disable to enable or disable PFS (Perfect Forward Secrecy). PFS
is an additional security protocol.
DH Group
Select a PFS DH Group from the drop-down menu (Group 1, Group2, Group5,
Group14). As the DH Group number increases, the higher the level of encryption
implemented for PFS.
Life Time
Enter the number of seconds for the IPSec Lifetime. The period of time to pass
before establishing a new IPSec security association (SA) with the remote
endpoint. The default value is 28800.
Network
This page allows you to configure the VPN server and
local/remote subnet.
Security Gateway Type Security Gateway Type supports IP Address and
Domain Name. Select one of them.
Security Gateway The IP address or domain name of the VPN server.
Local Network Enter the local (LAN) subnet and mask.
(ex. 192.168.0.0/255.255.255.0)
Remote Network Enter the remote subnet and mask.
(ex. 192.168.9.0/255.255.255.0)