Billion Electric Company CO1 user manual Local and Remote ID

Models: CO1


Billion BiGuard VPN Client

~Aggressive Mode: If checked, the VPN client will use aggressive mode as the negotiation mode with the remote router.

~IKE port: Negotiation port for IKE. Default value is 500.

~Redundant GW: This allows the VPN Client to open an IPSec tunnel with an alternate gateway in case the primary gateway is down or not responding. Enter either the IP address or the URL of the Redundant Gateway (e.g. router.dyndns.com).

BiGuard VPN Client will contact the primary gateway to establish a tunnel. If it fails after several tries (the default is 5 tries; to change it, modify the "Retransmissions" field in the "Parameters" panel), the Redundant Gateway is used as the new tunnel endpoint. The delay between two retries is about 10 seconds.

If the primary gateway can be reached but tunnel establishment fails (e.g. because of VPN configuration problems), the VPN Client won't try to establish tunnels with the redundant gateway. The configuration needs to be modified.

If a tunnel is successfully established to the primary gateway with the DPD feature (i.e. Dead Peer Detection) negotiated on both sides, then when the primary gateway stops responding (e.g. DPD detects a non-responding remote gateway) the VPN Client immediately starts opening a new tunnel with the redundant gateway.

The exact same behaviour applies to the redundant gateway. This means that the VPN Client will keep trying to open a tunnel with the primary and redundant gateways until the user exits the software or clicks on “Save & Apply”.

~X-Auth: Define the login and password of an X-Auth IPSec negotiation. If "X-Auth popup" is selected, a popup window asking for a login and a password will appear each time an authentication is required to open a tunnel with the remote gateway. The end user has 20 seconds to enter their login and password before X-Auth authentication fails.

If X-Auth authentication fails then the tunnel establishment will fail too.

(Please see “Appendix A”, the compatibility table of Billion VPN-enabled devices and BiGuard VPN Client.)

Local and Remote ID

~Local ID: Local ID is the identity the BiGuard VPN client sends to the VPN gateway during Phase 1.

This identity can be:
an IP address (type = IP address), for example: 195.100.205.101;
a domain name (type = DNS);
an email address (type = Email);
a string (type = KEY ID);
a certificate issuer (type = DER ASN1 DN) (about X509 certificates, please see Appendix A).

If this identity is not set, the VPN client’s IP address is used.

~Remote ID: Remote ID is the identity the BiGuard VPN client expects to receive from the VPN gateway during Phase 1.

This identity can be:
an IP address (type = IP address);
a domain name (type = DNS);
an email address (type = Email);
a string (type = KEY ID);
a certificate issuer (type = DER ASN1 DN) (about X509 certificates, please see Appendix A).
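
As an added illustration (not part of the Billion manual and not BiGuard's own code), the sketch below checks a received Phase 1 Identification payload against a configured Remote ID. It assumes the IKEv1 payload layout and ID type numbers of RFC 2408 and RFC 2407, and that a mismatch means the gateway is rejected; the function names and sample values are constructed. The DER ASN1 DN type is left out because comparing it needs an X.509 name parser.

```python
import ipaddress
import struct

# ID Type numbers from RFC 2407 (section 4.6.2.1), keyed by the manual's type names.
ID_TYPES = {"IP address": 1, "DNS": 2, "Email": 3, "KEY ID": 11}
HEADER = "!BBHBBH"  # next payload, reserved, length, ID type, protocol ID, port


def build_id_payload(id_type: int, data: bytes) -> bytes:
    """Build a sample Identification payload (used only for constructed test data)."""
    return struct.pack(HEADER, 0, 0, 8 + len(data), id_type, 0, 0) + data


def parse_id_payload(payload: bytes):
    """Return (id_type, identification_data) or raise ValueError if malformed."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its fixed 8-byte header")
    _next, _rsvd, length, id_type, _proto, _port = struct.unpack(HEADER, payload[:8])
    if length != len(payload):
        raise ValueError("length field does not match the bytes received")
    return id_type, payload[8:]


def remote_id_matches(payload: bytes, expected_type: str, expected_value: str) -> bool:
    """True only when the received ID has the configured type AND value."""
    try:
        id_type, data = parse_id_payload(payload)
    except ValueError:
        return False  # a malformed payload never counts as a match
    if id_type != ID_TYPES[expected_type]:
        return False  # the same text sent under another type is a different identity
    if expected_type == "IP address":
        return len(data) == 4 and (
            ipaddress.IPv4Address(data) == ipaddress.IPv4Address(expected_value))
    if expected_type in ("DNS", "Email"):
        try:
            # Assumption: names are compared case-insensitively.
            return data.decode("ascii").lower() == expected_value.lower()
        except UnicodeDecodeError:
            return False
    return data == expected_value.encode()  # KEY ID: opaque byte string


if __name__ == "__main__":
    # Constructed sample: a gateway identifying itself by domain name.
    sample = build_id_payload(ID_TYPES["DNS"], b"gw.example.com")
    print(remote_id_matches(sample, "DNS", "gw.example.com"))
    print(remote_id_matches(sample, "KEY ID", "gw.example.com"))
```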


Chapter 4: VPN Configuration
