|
Setting/Setting Confirmation
221
communicate on the IPsec SA in
Kbytes.
PFS
•
Disable: means PFS is not
guaranteed.
•
768bit: guarantees PFS using DH-
Group1
•
1024bit: guarantees PFS using
DH-Group2
•
1536bit: guarantees PFS using
DH-Group5
•
2048bit: guarantees PFS using
DH-Group14
PFS
(Perfect Forward
Secrecy)
Disabled
Rekey
•
Enable: IKE negotiation begins
when there is IPsec target traffic.
Also, rekeying is done when there
is traffic using the generated SA.
•
Always: IKE negotiation starts
after the IP address of this
product's WAN interface is set,
regardless of the existence of
traffic of the IPsec target.
Moreover, rekeying is done
regardless of the existence of
traffic using the generated SA.
•
No Rekey: IKE negotiation starts
when traffic of the IPsec target is
generated. In this mode, no
rekeying is done.
Enable
Rekey Remaining
Time(sec)
Rekey Automatic update of SA
starts when the remaining time
(sec) becomes less than the
specified value (30 to 345600
seconds).
Not Set
[Note]
The IPsec remote ID and static routing setting priority is as follows.
If the VPN operation mode is policy based, when the remote ID of IKE Phase 2 is registered, the static route will be
automatically registered. This route is prioritized over the normal static route. Routes to the local ID of IKE Phase 2 are
not automatically registered as static routes, IPv4 routing settings need to be added.
*Although the above is about IKEv1, IKE
v2’s IKE_AUTH exchange setting local traffic selector and remote traffic sele
ctor
are the same.