ZyXEL Communications LTE6100 User Manual

 Chapter 13 VPN

LTE6100 User’s Guide

The following figure helps explain the main fields in the web configurator.

Click Security > VPN > Monitor to open this screen as shown next.

Monitor  

This screen contains the following fields:

SA Life Time

Define the length of time before an IPSec SA automatically renegotiates in this 
field.

A short SA Life Time increases security by forcing the two VPN gateways to 
update the encryption and authentication keys. However, every time the VPN 
tunnel renegotiates, all users accessing remote resources are temporarily 
disconnected. 

Perfect 

Forward 

Secrecy (PFS)

Select whether or not you want to enable Perfect Forward Secrecy (PFS)

PFS changes the root key that is used to generate encryption keys for each IPSec 
SA. The longer the key, the more secure the encryption, but also the longer it 
takes to encrypt and decrypt information. Both routers must use the same DH 
key group. Choices are:

Diffie-Hellman Group2 - use a 1024-bit random number

Diffie-Hellman Group5 - use a 1536-bit random number

Diffie-Hellman Group14 - use a 2048-bit random number

DPD Active 

Select the Dead Peer Detection (DPD) Active check box if you want the LTE 
Device to make sure the remote IPSec router is there before it transmits data 
through the IKE SA. The remote IPSec router must support DPD.  If the remote 
IPSec router does not respond, the LTE Device shuts down the IKE SA.

If the remote IPSec router does not support DPD, see if you can use the VPN 
connection connectivity check.

IPSec VPN: Add

Monitor  

#

This is the VPN policy index number. 

Status

This displays if the VPN policy is connected.

Tunnel Name

Enter the name of the VPN connection.

IPSec Algorithm

This displays the encryption algorithm being used for the VPN connection.

Refresh

Click this button to refresh the information on the screen.