Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router

more powerful but increase the latency.

￿DES: Stands for Data Encryption Standard, it uses 56 bits encryption method.

￿3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits encryption method.

￿AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits encryption method.

oDiffie-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a shared secret over an unsecured communication channel (i.e. over the Internet). There are three modes, MODP 768-bit, MODP 1024-bit and MODP 1536-bit. MODP stands for Modular Exponentiation Groups.

oLocal ID:

￿Type: Specify a local ID type.

￿Content: Input ID information, like domain name www.ipsectest.com.

oRemote ID:

￿Type: Specify a Remote ID type.

￿Identifier: Input remote ID information, like domain name www.ipsectest.com.

oSA Lifetime: Specify the number of minutes that a Security Association (SA) will stay active before a new encryption and an authentication key will be exchanged. There are two kinds of SAs, IKE and IPSec. IKE negotiates and establishes SA on behalf of IPSec, an IKE SA is used by IKE.

￿Phase 1 (IKE): To issue an initial connection request for a new VPN tunnel. The range can be from 5 to 15,000 minutes, and the default is 240 minutes.

￿Phase 2 (IPSec): To negotiate and establish a secure authentication. The range can be from 5 to 15,000 minutes, and the default is 60 minutes.

Note: A short SA time increases security by forcing two parties to update the keys. However, every time the VPN tunnel re-negotiates, access through the tunnel will be temporarily disconnected.

PING to Keepalive: It is used to detect IPSec tunnel connection failure. Connection failure is defined as abort or in NO response state. In such event Ping to Keepalive takes proper action to ensure the connection quality of IPSec.

oPING to the IP: It can IP Ping the remote PC with the specified IP address and issue alert when the connection fails. Once alter message is received, Router will drop this tunnel connection. Re-establishing of this connection is required. Default setting is 0.0.0.0 which disables the function.

oInterval: This sets the time interval of Pings to the IP function to monitor the connection status. Default interval setting is 10 seconds. Time interval can be set

111

Chapter 4: Configuration

Page 114 Page 116
Page 115
Image 115
Billion Electric Company BiPAC 8500/8520, BiPAC 8501/8521 user manual Local ID, Remote ID, 111
Page 114 Page 116
Top Page Image Contents