
Chapter 13 VPN 245
Nortel Business Secure Router 252 Configuration — Basics
SA Monitor
In the WebGUI, click VPN and the SA Monitor tab. Use this screen to display
and manage all of the active VPN connections (IPSec sessions).
A Security Association (SA) is the group of security settings related to a specific
VPN tunnel. This screen displays active VPN connections. Use Refresh to
display active VPN connections. This screen is read-only. Table 58 describes the
fields in this tab.
Perfect Forward Secrecy (PFS): Perfect Forward Secrecy (PFS) is disabled
(None) by default in phase 2 IPSec SA setup. This allows faster IPSec
setup, but is not as secure. Choose from DH1, DH2, or DH5 to enable PFS.
DH1 refers to Diffie-Hellman Group 1, a 768-bit random number.
DH2 refers to Diffie-Hellman Group 2, a 1024-bit (1Kb) random number
(more secure, yet slower).
DH5 refers to Diffie-Hellman Group 5, a 1536-bit random number.
Apply: Click Apply to temporarily save the settings and return to the
VPN - Branch Office Rule Setup screen. The advanced settings are saved
to the Business Secure Router if you click Apply in the VPN - Branch
Office Rule Setup screen.
Cancel: Click Cancel to return to the VPN Branch Office screen without
saving your changes.
Note: When there is outbound traffic but no inbound traffic, the SA
times out automatically after two minutes. A tunnel with no outbound or
inbound traffic is idle and does not time out until the SA lifetime period
expires. See “Keep Alive” on page 212 for how to have the Business
Secure Router renegotiate an IPSec SA when the SA lifetime expires,
even if there is no traffic.
Table 57 VPN Branch Office Advanced Rule Setup
Label Description