D-Link DWC-1000 User Manual page 102

Field
This section is used when Policy Type = Auto Policy under the General section of this page. These settings configure Phase 2
negotiations and should match the Phase 2 settings on the remote tunnel endpoint.
SA Lifetime
Encryption Algorithm
Integrity Algorithm
PFS Key Group
VPN Settings
Enter the duration of the Security Association and select the unit (seconds or Kbytes) from the
drop-down list.
Seconds = measures the SA Lifetime in seconds. After the specified number of seconds
•
passes, the Security Association is renegotiated. Default value is 3600 seconds. Minimum
value is 300 seconds.
Kbytes = measures the SA Lifetime in kilobytes. After the specified number of kilobytes of data
•
is transferred, the SA is renegotiated. Minimum value is 1920000 KB.
When configuring a Lifetime in kilobytes (also known as lifebytes), two SAs are created for each
policy. One SA for inbound traffic and one for outbound traffic. Due to differences in the upstream
and downstream traffic flows, the SA may expire asymmetrically. For example, if the downstream
traffic is very high, the lifebyte for a download stream may expire frequently. The lifebyte of the
upload stream may not expire as frequently. Therefore, set the values reasonably to reduce the
difference in expiry frequencies of the SAs; otherwise, this asymmetry might exhaust system
resources. Lifebyte specifications are recommended for advanced users only.
Check the algorithm used to encrypt the data.
Check the algorithm used to verify the integrity of the data.
Enables or disables Perfect Forward Secrecy (PFS) to improve security. While slower, this
protocol helps to prevent eavesdroppers by ensuring that a Diffie-Hellman exchange is
performed for every phase-2 negotiation. Choices are:
Checked = enable PFS.
•
Unchecked = disable PFS.
•
102
DWC-1000 Wireless Controller User's Guide
Description