ZyXEL Communications LTE6100 User Manual
Chapter 13 VPN
LTE6100 User’s Guide
91
13.2.3 The Monitor Screen
The following figure helps explain the main fields in the web configurator.
Click Security > VPN > Monitor to open this screen as shown next.
Figure 50
Monitor
This screen contains the following fields:
SA Life Time
Define the length of time before an IPSec SA automatically renegotiates in this
field.
field.
A short SA Life Time increases security by forcing the two VPN gateways to
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
update the encryption and authentication keys. However, every time the VPN
tunnel renegotiates, all users accessing remote resources are temporarily
disconnected.
Perfect
Forward
Secrecy (PFS)
Select whether or not you want to enable Perfect Forward Secrecy (PFS)
PFS changes the root key that is used to generate encryption keys for each IPSec
SA. The longer the key, the more secure the encryption, but also the longer it
takes to encrypt and decrypt information. Both routers must use the same DH
key group. Choices are:
SA. The longer the key, the more secure the encryption, but also the longer it
takes to encrypt and decrypt information. Both routers must use the same DH
key group. Choices are:
Diffie-Hellman Group2 - use a 1024-bit random number
Diffie-Hellman Group5 - use a 1536-bit random number
Diffie-Hellman Group14 - use a 2048-bit random number
DPD Active
Select the Dead Peer Detection (DPD) Active check box if you want the LTE
Device to make sure the remote IPSec router is there before it transmits data
through the IKE SA. The remote IPSec router must support DPD. If the remote
IPSec router does not respond, the LTE Device shuts down the IKE SA.
Device to make sure the remote IPSec router is there before it transmits data
through the IKE SA. The remote IPSec router must support DPD. If the remote
IPSec router does not respond, the LTE Device shuts down the IKE SA.
If the remote IPSec router does not support DPD, see if you can use the VPN
connection connectivity check.
connection connectivity check.
Table 37
IPSec VPN: Add
LABEL
DESCRIPTION
Table 38
Monitor
LABEL
DESCRIPTION
#
This is the VPN policy index number.
Status
This displays if the VPN policy is connected.
Tunnel Name
Enter the name of the VPN connection.
IPSec Algorithm
This displays the encryption algorithm being used for the VPN connection.
Refresh
Click this button to refresh the information on the screen.