Manuals / Compatible Systems / Computer Equipment / Network Router

Compatible Systems 5.4 manual Shared Key, Transform, Perfect Forward Secrecy

Models: 5.4

1 313

Download 313 pages 60.17 Kb

Page 106

100	Chapter 6 - VPN Ports and LAN-to-LAN Tunnels

•If Respond is selected, this Tunnel Partner will use IKE, but will only respond to tunnel establishment attempts which have been initiated by other devices. It will not initiate tunnel establishment.

Shared Key

This is a shared alphanumeric secret between 1-255 characters long. It is used to generate session keys which are used to authenticate and/or encrypt each packet received or sent through the tunnel.

Transform

This list box specifies the protection types and algorithms which will be used for tunnel sessions. Each option is a protection piece which specifies the authentication and/or encryption parameters to be used.

Use the Move Up and Move Down buttons to arrange the priority of the protection options.

>Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) allows you to add an additional security parameter to tunnel sessions. PFS means that every time encryption and/or authentication key are computed, a new Diffie-Hellman Key Exchange is included.

Diffie-Hellman Key Exchange uses a complex algorithm and public and private keys to encrypt and then decrypt tunneled data. Adding PFS to a tunneled session greatly increases the difficulty of finding the session keys used to encrypt a VPN session. It also means that even if the keys are somehow cracked, only a portion of the traffic is recoverable.

•If No PFS is selected, this security parameter will not be added for this group configuration.

•If Phase 1 Group is selected, the group used in Phase 1 of the IKE nego- tiation is used as the group for the PFS Diffie-Hellman Key Exchange. This group is set (as G1 or G2) in the IKE Policy Dialog Box. For more information on the IKE Policy Dialog Box, refer to Chapter 7 - VPN Client Tunnels.

•If DH Group 1 is selected, the Diffie-Hellman Group 1 algorithm will be used for the Diffie-Hellman Key Exchange.

•If DH Group 2 is selected, the Diffie-Hellman Group 2 algorithm will be used for the Diffie-Hellman Key Exchange. Because larger numbers are used by the DH Group 2 algorithm, it is more secure than DH Group 1.

Image 106

Compatible Systems 5.4 manual Shared Key, Transform, Perfect Forward Secrecy

Contents

CompatiView 5.4 Reference Guide Page Installation and Overview Table of Contents IiiTable of Contents VPN Ports and LAN-to-LAN TunnelsTCP/IP Filtering 183 Ospf Installation and Overview CompatiView QuickstartSystem Requirements for Windows CompatiView Installation NotesAbout this Manual Selecting IP or IPX Operation with WindowsCompatiView’s Menus and Main Windows Device View and the Main Window Device ViewRight-Clicking in the Device View File Menu New ConfigOpen Config File Open DeviceDownload Config to Device Dialog Box Save / Restart OptionsVPN Port Save To FileSubinterface Firewall PathDatabase Menu Database Options Dialog Box OptionsGeneral Tab Confirmations Tab Save/Restart TabControl Menu Advanced TabTftp Download Download SoftwareRestart Device Statistics Menu Output WindowCompatiView Output Window Serial Statistics EthernetWAN State PPP StatisticsIP Routing Ospf ConfigurationIP Route Table IPX Route TableCommand Line Edit Box View menu Moving and Customizing the WindowsCustomize Customize Window View Dialog Box CommandsWindow Menu ToolbarsPage IP Routing & Bridging TCP/IP Routing Ethernet Configuration Dialog BoxTCP/IP Routing Ethernet Dialog Box IP Routing/Bridging/OffNetwork IP Subnet Mask IP AddressNetwork IP Broadcast Address Routing Protocol RIP Split Horizon Output RIP Input RIPIP Routing & Bridging Directed Broadcast OspfTCP/IP Routing WAN Configuration Dialog Box TCP/IP Routing WAN Configuration Dialog BoxNumbered Interface Network IP Broadcast Address Update Method RIP Split Horizon TCP/IP Routing VPN Configuration Dialog Box IP Routing & Bridging OptionsIP Routing/IP Bridging/IP Off IP Address Routing Protocol Update Method Ospf TCP/IP Routing Bridge Configuration Dialog Box Bridge Logical DiagramTCP/IP Routing Bridge 0 Configuration Dialog Box IP Routing/OffNetwork IP Subnet Mask IP Routing & Bridging Ospf IP Subinterface Dialog Box IP Connection Dialog Box IP Connection Dialog BoxIP On/IP Off IP Address IP Static Routing Dialog Box Mask DestinationGateway Metric Redistribute viaEthernet or Bridge TCP/IP Options Dialog Box Ethernet IP Options Bridge IP OptionsIP Proxy ARP UDP Forwarding Agents Relays UDP Forwarding Agents Dialog BoxUDP Ports/Protocols WAN IP OptionsServer IP Address WAN IP Options Dialog BoxSend IP Address Configure Request Van Jacobson Header CompressionIP Multiprotocol Precedence Dialog Box RIP V2 PasswordTCP/IP Routing Options Protocol PrecedenceIP Route Redistribution Ospf Route Aggregation IP Route Redistribution Dialog BoxRIP to Ospf BGP to Ospf Default into OspfOspf to RIP BGP to RIPIP Routing & Bridging IPX Ethernet Frame Types IPX Routing Ethernet Configuration Dialog BoxIPX Routing Ethernet Configuration Dialog Box IPX Routing & BridgingIPX Routing/Bridging/Off Seed Status per Frame TypeNetwork Number per Frame Type RIP Update TimerSAP Update Timer Block IPX Type 20 Output PacketsIPX Routing WAN Configuration Dialog Box IPX Routing WAN Configuration Dialog BoxNetwork Number Optional Remote Node Network Number IPX Routing & Bridging Use Ethernet Port as End-Node Proxy IPX Routing VPN Configuration Dialog Box IPX Routing VPN Configuration Dialog BoxIPX Routing/Bridging/Off RIP Update Timer IPX Routing Bridge Configuration Dialog Box IPX Routing Bridge 0 Configuration Dialog Box IPX Frame TypesIPX Routing/Off Network Number per Frame Type AppleTalk Routing Ethernet Configuration Dialog Box AppleTalk Routing Ethernet Configuration Dialog BoxAppleTalk Phase 1 Configuration AppleTalk Routing & BridgingPhase 1 Routing/Bridging/Off Phase 1 Seed StatusPhase 1 Node Phase 1 Net #Phase 1 Zone NBP Lookup Filters FilteringPhase 2 Routing/Bridging/Off AppleTalk Phase 2 ConfigurationPhase 2 Seed Status Phase 2 Default Zone Phase 2 Net # RangePhase 2 Zones Phase 2 NodeAppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing WAN Configuration Dialog BoxAppleTalk Routing & Bridging AppleTalk On/Bridging/Off Node ZoneOptional Remote End-Node Network Number Optional Remote End-Node Node Number AppleTalk Routing VPN Configuration Dialog BoxAppleTalk Routing VPN Configuration Dialog Box Optional Remote End-Node ProxyAppleTalk On/Bridging/Off AppleTalk Zone AppleTalk Routing Bridge Configuration Dialog Box AppleTalk Routing Bridge 0 Configuration Dialog Box Phase 1 Routing/Off AppleTalk Routing & Bridging Phase 1 Net # Phase 2 Routing/Off Phase 2 Zones NBP Filtering NBP Filtering Configuration Dialog BoxNetwork Filters Zone Filters AppleTalk Options Configuration Dialog Box Phase 2 Aarp Probe TimeDECnet Routing & Bridging Main DECnet Routing Configuration Dialog BoxMain DECnet Routing Configuration Dialog Box DECnet OnRouting Timer Hello TimerArea DECnet Ethernet Configuration Dialog Box DECnet Routing & Bridging Max AddressesDECnet Ethernet Configuration Dialog Box DECnet Routing/Bridging/OffDECnet WAN Configuration Dialog Box DECnet WAN Configuration Dialog BoxDECnet On/Bridging/Off Hello Timer Add VPN Port Dialog Box Add VPN Port Dialog BoxPartner Address Tunnel Partner VPN Configuration Dialog BoxVPN Ports and LAN-to-LAN Tunnels Bind To InterfaceIKE Key Management Dialog Box IKE Key ManagementKey Manage Transform Shared KeyPerfect Forward Secrecy 101 IKE Configuration Dialog BoxAuthentication EncryptionAuthentication Secret Enable AuthenticationAuthentication Method Manual Key Management103 Interoperability Settings Dialog BoxEnable Encryption Encryption MethodInteroperability Settings Dialog Box Local and Peer SettingsMode 105 Local / AccessPeer / Access Local / ProtocolPeer / Port 107 108 VPN Group Configuration Dialog Box and General Tab VPN Group Configuration Dialog BoxVPN Client Tunnels 109 VPN Group Configuration General Tab MinimumVersion VPN Client Tunnels 111 Inactivity TimeoutSLA Enable Client Exclude Local LANVPN Group Configuration IKE Configuration Tab VPN Group Configuration IKE Configuration TabVPN Client Tunnels 113 Save SecretsVPN Group Configuration Manual Tab VPN Group Configuration Manual TabVPN Client Tunnels 115 VPN Group Configuration IP Connection TabVPN Group Configuration IP Connection Tab Start IP AddressLocal IP Net Assign IP RadiusAdd IP Address Dialog Box VPN Client Tunnels 117 Allow Connections ToAdd EditInput Filters VPN Group Configuration IP Filters TabVPN Config IP Filters Tab Output FiltersVPN Client Tunnels 119 VPN Group Configuration IPX Connection TabVPN Config IPX Connection Tab Local IPX NetVPN Group Configuration IPX Filters Tab VPN Group Configuration IPX Filters TabAssign IPX Radius VPN Client Tunnels 121 Input Filters VPN Group Configuration Rollover TabVPN Group Configuration Rollover Tab Alternate IntraPort AddressesSecurID Required VPN Group Configuration SecurID TabVPN Group Configuration SecurID Tab SecurID User NameVPN Group Configuration DNS Redirection Tab Add Local Domain Dialog Box VPN Group Configuration Wins Redirection TabVPN Group Configuration Wins Tab Local Domain NameVPN User Configuration Dialog Box VPN User Configuration Dialog BoxVPN Client Tunnels 125 Name STEP/STAMP Authentication SecretVPN User Dialog Box VPN GroupVPN Client Tunnels 127 STEP/STAMP Encryption Secret IKE PolicyIKE Policy Global Dialog Box IPSec Gateway Dialog Box IPSec Gateway Configuration Dialog BoxIPSec Gateway VPN Client Tunnels 129 130 IntraGuard Firewall Configuration 131IntraGuard Firewall Configuration Settings FirewallPath Dialog BoxInterfaces Inside/Outside ‘AND’ Filters 133‘OR’ Filters SendTCPReset Advanced Settings Firewall Path Dialog BoxResetRedirects Advanced OptionsSynRejectOnly SendICMPReset135 ICMPtoTCPsessionSecurity Policies Firewall Path Dialog Box Current Security Policy137 Security Policies at a Glance 139 Security Policy Protocol Setting Dialog BoxSecurity Policy Protocol Setting Dialog Box Policy140 141 Port/Protocol Allow Ports/Protocols Dialog BoxPort/Protocol Number 143 Firewall Logging Dialog BoxFirewall Logging Dialog Box TCP Resets IP TimeoutsTCP Timeouts RejectsRedirects Icmp Resets145 GeneralSYN Timer Firewall Settings Dialog BoxFirewall Settings Dialog Box FIN TimerHalfShutTimer TCPTimeoutUDPTimeout DynamicTimerPage Global Bridging Configuration Dialog Box Bridging 149Learning/IEEE Spanning Tree BridgingBridge On Table SizePriority Spanning Tree Fwd Delay Spanning TreeBridging 151 Aging Time Max Age Spanning TreeInterface Configuration Dialog Box Priority Bridging 153 Bridging OnPath Cost Spanning Tree Exclude Non-Routed Protocols WAN Link Protocols 155 Link Configuration WAN Dialog BoxLink Configuration WAN Dialog Box WAN OnLink Type WAN Link ProtocolsFailover Type WAN Link Protocols 157 Backup PortTimers Allow Dial OutDrop Link If Inactive For Allow DialAlways Keep Link Up Dialing MethodDial-Out / Connect Script WAN Link Protocols 159Dial-back Script Script Timeout Retry Delay SettingDialing Retries / Connect Retries Backup Disable Timer Failover Timers Configuration Dialog BoxBackup Enable Timer Backup Init TimerFrame Relay Configuration Dialog Box Frame Relay Configuration Dialog BoxMaintenance Protocol WAN Link Protocols 163 Polling Frequency Home DlciDlci Database Configuration Dialog Box Dlci Entry Dialog Box Dlci Database Dialog BoxDlci # WAN Link Protocols 165AppleTalk Address IPX Address Chap Configuration Dialog BoxChap Configuration Dialog Box DECnet AddressWAN Link Protocols 167 Request Chap AuthenticationRespond to Chap Challenges PAP Configuration Dialog Box PAP Configuration Dialog BoxSecret WAN Link Protocols 169 Request PAP AuthenticationRespond to PAP Requests Smds Dialog Box PasswordSmds Dialog Box Station AddressWAN Link Protocols 171 IP Multicast PPP Options Dialog BoxPPP Options Dialog Box Sequenced Predictor Compression PPP Link Quality Configuration Dialog BoxEcho Packets On WAN Link Protocols 173 LCP Options Configuration Dialog BoxLCP Options Configuration Dialog Box Frequency in Seconds Echo PacketsAddress/Control Compression Multilink PPP Dialog BoxProtocol Compression Mppp Bundle Name EnableWAN Link Protocols 175 Linked PortsMPQual WAN Chat Script Editor Dialog BoxWAN Chat Script Editor Dialog Box Chat Script Editor Dialog Box Buttons & Controls WAN Link Protocols 177Chat Script Rules and Syntax 178 WAN Link Protocols 179 To connect to an Internet Service Provider using a modem Chat Script ExamplesUser Authentication Database Dialog Box WAN Link Protocols 181Interfaces Password/SecretRemote Name Dial-back ChatRoute Filters Button Main TCP/IP Filtering Dialog BoxTCP/IP Filtering 183 Packet Filters ButtonBlock IP Source Routing TCP/IP Filter Editor WindowTCP/IP Filtering Log Rejected Source-Routed PacketsTCP/IP Route Filter Rules Basic IP Route Filter Rules and Syntax TCP/IP Filtering 187 IP Route Filter Rule Options IP Route Filter Rule ModifiersIP Route Filter Rule Notification TCP/IP Packet Filter RulesIP Route Filter Rule Examples TCP/IP Filtering 189 Basic IP Packet Filter Rules and SyntaxIP Packet Filter Rule Operators and Port Names TCP/IP Filtering 191 TCP PortsIcmp Types IP Packet Filter Rule ModifiersTCP/IP Filtering 193 UDPIP Packet Filter Rule Notification Simple IP Packet Filter Rule ExamplesTCP/IP Filtering 195 IP Packet Filter Rule Set ExamplesInterface TCP/IP Packet Filtering Configuration Dialog Box TCP/IP Packet Filtering Bridge Dialog BoxIPX Filtering 197 Main IPX Filtering Configuration Dialog BoxMain IPX Filtering Dialog Box IPX Route FiltersIPX Filter Editor Window IPX Filter Editor WindowIPX Filtering Filter Editor Window Buttons and ControlsIPX Filtering 199 IPX Packet Filter RulesBasic IPX Packet Filter Rules and Syntax IPX Packet Filter Options IPX Filtering 201 IPX Packet Filter Rule NotificationIPX Route Filter Rules IPX Packet Filter Rule ExamplesIPX Filtering 203 Basic IPX Route Filter Rules and Syntax IPX Route Filter Rule Options IPX Route Filter Rule ModifiersIPX Route Filter Rule Notification IPX SAP Filter RulesIPX Filtering 205 IPX Route Filter Rule ExamplesBasic IPX SAP Filter Rules and Syntax IPX SAP Filter OptionsIPX Filtering 207 IPX SAP Filter Rule Notification IPX SAP Filter Rule ModifiersIPX SAP Filter Rule Examples Interface IPX Packet Filtering Configuration Dialog Box IPX Filtering 209210 AppleTalk Filtering 211 Main AppleTalk Filtering Editor WindowMain AppleTalk Filter Editor Window AppleTalk Filtering AppleTalk Packet Filter RulesGeneral Packet Filtering Routing Filters Rtmp AppleTalk Filtering 213Get Zone List Basic AppleTalk Filter Rules and Syntax214 AppleTalk Filtering 215 AppleTalk Get Zone List Filter Rule Set Examples Simple AppleTalk Packet Filter Rule ExamplesAppleTalk Rtmp Filter Rule Set Examples AppleTalk Filtering 217 Interface AppleTalk Filtering Configuration Dialog BoxInput Rtmp Filters Input Packet Filters Output Rtmp FiltersZone List Filters Output Packet FiltersGeneral 219 Physical RS-232 Configuration WAN Dialog BoxPhysical RS-232 Configuration WAN Dialog Box Async/SyncBaud Rate Tx Clock Internal Sync OnlyFlow Control Async Only General 221 Physical T1 WAN Configuration Dialog BoxClock Scheme Line Encoding Fractional T1 EnabledFraming Start Channel & Number of ChannelsInvert Data General 223 Contiguous Channels or Alternate ChannelsChannel Data Rate PRM TransmitPhysical V.35 Configuration WAN Dialog Box Tx Clock InternalPhysical DS3 Configuration WAN Dialog Box General 225System Configuration Dialog Box System Configuration Dialog BoxBandwidth Allocation Confirm Enable Password Confirm PasswordEnable Password General 227Name of Administrator and How to Contact Snmp ConfigurationSnmp System Info Configuration Dialog Box Administrative NameSets Enabled Advanced Snmp Configuration Dialog BoxSnmp Enabled Traps EnabledSnmp Community Strings Configuration Dialog Box Snmp Community Strings Configuration Dialog BoxCommunity String Snmp Traps Dialog Box Snmp Traps Configuration Dialog BoxGeneral 231 Access Host IP AddressPrimary DNS Server Domain Name Server DNS Dialog BoxDomain Name Server Dialog Box Secondary DNS Server Search OrderGeneral 233 Time Server Configuration Dialog BoxTime Server Dialog Box Add TCP/IP DNS ServerProtocol Backup IP AddressOffset from Server Radius Configuration Dialog Box Radius Configuration Dialog BoxGeneral 235 Accounting Port Authentication PortAccounting VPN Real IP AddressGeneral 237 VPN Tunnel Secret VPN AuthenticationPAP Authentication Secret VPN Group InfoSecondary Server IP Address Use Secret in ChecksumSecondary Server Retries General 239 SecurID Configuration Dialog BoxEnable SecurID PortBackup Server TimeoutNAT Configuration Dialog Box New Button Modify Button NAT Configuration Dialog BoxGeneral 241 External Range Internal RangePassThru Range Addresses TCP Syn Timeout General 243 TCP TimeoutUDP Timeout TCP Fin TimeoutNAT Range Dialog Box NAT Range Dialog BoxGeneral 245 NAT Mapping Dialog BoxNAT Mapping Dialog Box NAT Range Dialog Box Internal IP address NAT Mapping Translation Pair ExamplesGeneral 247 Logging Configuration Dialog BoxLogging Configuration Dialog Box Logging OnIP Address Syslogd On Only Send Log to Aux PortSyslogd On File Syslogd On OnlyGeneral 249 Ldap ConfigurationLdap Server Dialog Box Ldap Server Dialog BoxPrimary Server Primary Password Ldap Config NameEnable Ldap Add Ldap Server Dialog BoxGeneral 251 Secondary Server Secondary Password BaseLdap Authentication Dialog Box Ldap Authentication Dialog BoxEnable Ldap Authentication VPN Group Attribute General 253 Primary Server Primary PasswordSecondary Server Secondary Password VPN Shared Secret Attribute254 Ospf 255 Ospf Dialog BoxOspf Dialog Box Area ID Ospf EnabledOspf CostOspf Area Ospf Area Dialog Box Add Ospf Area Dialog BoxStub Default Cost Ospf Authentication TypeEnable Stub Area Ospf 259 Ospf Area NameOspf Virtual Link Net Range Dialog BoxOspf Virtual Link Dialog Box Enable Virtual LinkOspf 261 Add Ospf Virtual Link Dialog BoxTransit Area Virtual Transit DelayOspf Packet Authentication Key Virtual RetransmissionBGP General Dialog Box Enable BGPBGP 263 BGP General Dialog BoxBGP Local Preference BGP Aggregates Dialog BoxBGP Use IPR FiltersBGP 265 BGP Peer Configs Dialog BoxBGP Peer Configs Dialog Box Add BGP Aggregate Dialog BoxInput Route Map BGP Peer Config NameEnable Ebgp Multihop Output Route MapIP Loopback Dialog Box BGP Peers Dialog Box BGP Peers Dialog BoxIP Loopback Add BGP Peer Dialog BoxBGP Route Maps Editor Dialog Box BGP 269BGP Route Maps Dialog Box BGP Route Map Editor Dialog Box Buttons & ControlsEnter Data Dialog Box BGP Route Mapping RulesBGP 271 ActionDirection Options/Output ModifiersBGP 273 Special Communities Options/Input ModifiersBGP Networks Dialog Box BGP NetworksBGP Network Dialog Box BGP 275 Subnet Mask 276 Appendices 277 IP AddressesAppendices Chart 1 IP Address ClassesChart 2 Standard IP Subnets Subnet MasksAppendices 279 Chart 3 Subnetted Class C Host RangesBroadcast Addresses Assigning a Subnet Mask Chart 4 Broadcast Address ExamplesAssigning an IP address Assigning a Broadcast AddressAppendices 281 Static Routes & Routing Protocols IPXIPX Routing Basics 282 Appendices 283 Service Advertising ProtocolClient Machine Addressing AppleTalk AppleTalk Routing BasicsNon-extended and Extended AppleTalk Networks Appendices 285Seeding a Network Segment Probing ZonesAppendices 287 Router AutoconfigurationBridging Bridging BasicsTransparent Bridging Spanning Tree BridgingAppendices 289 Multiport Bridges/Switches and Bridge GroupsSimple Bridging Example Bridge Groups on a Multiport Router Virtual Circuits Frame RelayAppendices 291 AddressingEncapsulation and Fragmentation Local & Global DLCIsLocal Management Interface LMI Network/Protocol Addressing and Virtual InterfacesFrame Relay Example Appendices 293Frame Relay Example Page Symbols Index 295Index Index 297 IPX Index 299 TCP/IPSee also, TCP/IP Index 301 NAT Index 303 RIPUDP Index 305 Dlci Index 307 Radius