Virtual Private Networking
129
Phase 1 settings
Figure 9-17
Set the length of time before Phase 1 is renegotiated in the Key lifetime (m) field. The
length may vary between 1 and 1440 minutes. Shorter values offer higher security at the
expense of the computational overhead required to calculate new keys. For most
applications 60 minutes is recommended. In this example, leave the Key Lifetime as the
default value of 60 minutes.
A new Phase 1 key can be renegotiated before the current one expires. The time for
when this new key is negotiated before the current key expires can be set in the
Rekeymargin field. In this example, leave the Rekeymargin as the default value of 10
minutes.
The Rekeyfuzz value refers to the maximum percentage by which the Rekeymargin
should be randomly increased to randomize rekeying intervals. The Key lifetimes for
both Phase 1 and Phase 2 are dependent on these values and must be greater that the
value of “Rekeymargin x (100 + Rekeyfuzz) / 100.” In this example, leave the
Rekeyfuzz as the default value of 100%.
Enter a secret in the Preshared Secret field. Keep a record of this secret as it will be
used to configure the remote party's secret. In this example, enter: This secret must be
kept confidential.