Virtual Private Network
that of DES key and hence it is more secure. The user must select exactly the same IKE Encryption algorithm on both ends of a VPN tunnel.

Phase 2 Proposal

PFS Mode | Select the mode that will be used for IPSec Perfect Forward Secrecy (PFS) (Group 1, Group 2, Disabled).
• Group 1 uses
• Group 2 uses
• Disable disables the PFS mode.
The user must use exactly the same PFS mode on both ends of the VPN tunnel.
IPSec Operation | Select the IPSec transform that will be applied to packets that are sent between the two endpoints of a VPN tunnel.
• ESP - specifies that the entire packet will be encrypted (using the DES, 3DES or AES algorithm, as selected in the ESP Transform field) and authenticated (using the MD5 or SHA algorithm, as selected in the ESP Authentication field).
• AH - specifies that only the authentication algorithm (MD5 or SHA, as selected in the AH Transform field) will be used. When AH is selected, the data portion of packets sent between the two endpoints of a VPN tunnel will not be encrypted.
IPSec Life Duration | Enter the IPSec Life Duration (in seconds). This is the lifetime of the Phase 2 key. When this timer expires, the two peers should trigger Phase 2 negotiation again to set up a new Phase 2 key. The minimum life duration is 180 seconds and the maximum life duration is 86400 seconds.
ESP Transform | Select the ESP transform encryption algorithm (Null, DES, 3DES and AES) to be used when ESP is selected as the IPSec Operation. The user must select the same ESP transform encryption algorithm on both ends of a VPN tunnel.
ESP Auth | Select the ESP authentication algorithm (Null, MD5, and SHA) to be used when ESP is selected as the IPSec Operation. The user needs to use the same ESP authentication algorithm on both ends of a VPN tunnel.
AH Transform | Select the AH authentication algorithm (MD5, SHA) to be used when AH is selected as the IPSec Operation. The user needs to use the same AH authentication method on both ends of a VPN tunnel.

Target Host Range

Type | Select the type of network definition for the range of IP addresses on the remote LAN that will access the VPN. Only the Subnet type is supported.
Target Network Address | Enter the IP address range of the remote host machines that can be accessed through the VPN tunnel. This is specified as a combination of network address and subnet mask. For example, when the user needs to access remote machines with IP addresses in the range of 192.168.20.1 to 192.168.20.16, this range can be specified as 192.168.20.1/28.
Note: The user has to specify a proper routing entry in the routing page for the remote network address. For example, if the remote network address range is 192.168.20.1/28, then the user can specify the route entry with destination address
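
A check that applies the Phase 2 rules from this section to both ends of a tunnel and expands a Target Network Address, as an added example that is not part of the original manual or the device's firmware. The dictionary keys, the sample settings and the function names are assumptions made for illustration.

```python
import ipaddress

LIFE_MIN, LIFE_MAX = 180, 86400  # IPSec Life Duration limits from the table above

# Constructed sample settings for the two ends of one tunnel (key names are assumptions).
LOCAL = {"pfs": "Group 2", "operation": "ESP", "esp_transform": "3DES",
         "esp_auth": "SHA", "life_seconds": 3600}
REMOTE = {"pfs": "Group 1", "operation": "ESP", "esp_transform": "DES",
          "esp_auth": "SHA", "life_seconds": 90}

def check_tunnel(local, remote):
    """Return findings for Phase 2 settings that break the rules in the table."""
    findings = []
    # Only the fields that belong to the selected IPSec Operation must match.
    keys = ["pfs", "operation"]
    keys += ["esp_transform", "esp_auth"] if local["operation"] == "ESP" else ["ah_transform"]
    for key in keys:
        if local.get(key) != remote.get(key):
            findings.append(f"mismatch {key}: {local.get(key)} vs {remote.get(key)}")
    for name, end in (("local", local), ("remote", remote)):
        if not LIFE_MIN <= end["life_seconds"] <= LIFE_MAX:
            findings.append(f"{name}: life duration {end['life_seconds']}s out of range")
        if end["operation"] == "AH":
            findings.append(f"{name}: AH authenticates only, data is not encrypted")
        elif end.get("esp_transform") == "Null":
            findings.append(f"{name}: ESP transform Null, data is not encrypted")
        elif end.get("esp_transform") == "DES":
            findings.append(f"{name}: DES selected, 3DES or AES is stronger")
        if end["operation"] == "ESP" and end.get("esp_auth") == "Null":
            findings.append(f"{name}: ESP Auth Null, packets are not authenticated")
        if end["pfs"] == "Disabled":
            findings.append(f"{name}: PFS disabled")
    return findings

def target_range(spec):
    """Expand a Target Network Address into (network, first host, last host)."""
    # strict=False accepts host bits in the address, as in 192.168.20.1/28.
    net = ipaddress.ip_network(spec, strict=False)
    hosts = list(net.hosts())
    return str(net), str(hosts[0]), str(hosts[-1])

if __name__ == "__main__":
    for finding in check_tunnel(LOCAL, REMOTE):
        print(finding)
    print(target_range("192.168.20.1/28"))
```

For 192.168.20.1/28 the function reports the network 192.168.20.0/28 with usable hosts 192.168.20.1 to 192.168.20.14, which is the range a matching route entry and the remote end's definition need to agree on.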