Compatible Systems 5.4 specs

112	Chapter 7 - VPN Client Tunnels

VPN Group Configuration IKE Configuration Tab

VPN Group Configuration IKE Configuration Tab

Transform

This specifies the protection types and algorithms that will be used for IKE tunnel sessions for this group configuration. Each option is a protection piece which specifies authentication and/or encryption parameters.

Use the Move Up and Move Down buttons to arrange the priority of the protection options.

>Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) allows you to add an additional security parameter to tunnel sessions. PFS means that every time encryption and/or authentication key are computed, a new Diffie-Hellman Key Exchange is included.

Diffie-Hellman Key Exchange uses a complex algorithm and public and private keys to encrypt and then decrypt tunneled data. Adding PFS to a tunneled session greatly increases the difficulty of finding the session keys used to encrypt a VPN session. It also means that even if the keys are somehow cracked, only a portion of the traffic is recoverable.

•If No PFS is selected, this security parameter will not be added for this group configuration.

•If Phase 1 Group is selected, the group used in Phase 1 of the IKE nego- tiation is used as the group for the PFS Diffie-Hellman Key Exchange.

Image 118

Compatible Systems 5.4 manual VPN Group Configuration IKE Configuration Tab

Contents

CompatiView 5.4 Reference Guide Page Installation and Overview Table of Contents Iii Table of Contents VPN Ports and LAN-to-LAN Tunnels TCP/IP Filtering 183 Ospf Installation and Overview CompatiView Quickstart System Requirements for Windows CompatiView Installation NotesAbout this Manual Selecting IP or IPX Operation with Windows CompatiView’s Menus and Main Windows Device View and the Main Window Device View Right-Clicking in the Device View File Menu New ConfigOpen Config File Open Device Download Config to Device Dialog Box Save / Restart Options VPN Port Save To FileSubinterface Firewall Path Database Menu Database Options Dialog Box OptionsGeneral Tab Confirmations Tab Save/Restart Tab Control Menu Advanced Tab Tftp Download Download SoftwareRestart Device Statistics Menu Output WindowCompatiView Output Window Serial Statistics EthernetWAN State PPP Statistics IP Routing Ospf ConfigurationIP Route Table IPX Route Table Command Line Edit Box View menu Moving and Customizing the WindowsCustomize Customize Window View Dialog Box CommandsWindow Menu ToolbarsPage IP Routing & Bridging TCP/IP Routing Ethernet Configuration Dialog BoxTCP/IP Routing Ethernet Dialog Box IP Routing/Bridging/Off Network IP Subnet Mask IP AddressNetwork IP Broadcast Address Routing Protocol RIP Split Horizon Output RIP Input RIP IP Routing & Bridging Directed Broadcast Ospf TCP/IP Routing WAN Configuration Dialog Box TCP/IP Routing WAN Configuration Dialog Box Numbered Interface Network IP Broadcast Address Update Method RIP Split Horizon TCP/IP Routing VPN Configuration Dialog Box IP Routing & Bridging Options IP Routing/IP Bridging/IP Off IP Address Routing Protocol Update Method Ospf TCP/IP Routing Bridge Configuration Dialog Box Bridge Logical Diagram TCP/IP Routing Bridge 0 Configuration Dialog Box IP Routing/Off Network IP Subnet Mask IP Routing & Bridging Ospf IP Subinterface Dialog Box IP Connection Dialog Box IP Connection Dialog BoxIP On/IP Off IP Address IP Static Routing Dialog Box Mask DestinationGateway Metric Redistribute via Ethernet or Bridge TCP/IP Options Dialog Box Ethernet IP Options Bridge IP OptionsIP Proxy ARP UDP Forwarding Agents Relays UDP Forwarding Agents Dialog Box UDP Ports/Protocols WAN IP OptionsServer IP Address WAN IP Options Dialog Box Send IP Address Configure Request Van Jacobson Header Compression IP Multiprotocol Precedence Dialog Box RIP V2 PasswordTCP/IP Routing Options Protocol Precedence IP Route Redistribution Ospf Route Aggregation IP Route Redistribution Dialog BoxRIP to Ospf BGP to Ospf Default into OspfOspf to RIP BGP to RIP IP Routing & Bridging IPX Ethernet Frame Types IPX Routing Ethernet Configuration Dialog BoxIPX Routing Ethernet Configuration Dialog Box IPX Routing & Bridging IPX Routing/Bridging/Off Seed Status per Frame Type Network Number per Frame Type RIP Update TimerSAP Update Timer Block IPX Type 20 Output Packets IPX Routing WAN Configuration Dialog Box IPX Routing WAN Configuration Dialog Box Network Number Optional Remote Node Network Number IPX Routing & Bridging Use Ethernet Port as End-Node Proxy IPX Routing VPN Configuration Dialog Box IPX Routing VPN Configuration Dialog Box IPX Routing/Bridging/Off RIP Update Timer IPX Routing Bridge Configuration Dialog Box IPX Routing Bridge 0 Configuration Dialog Box IPX Frame Types IPX Routing/Off Network Number per Frame Type AppleTalk Routing Ethernet Configuration Dialog Box AppleTalk Routing Ethernet Configuration Dialog BoxAppleTalk Phase 1 Configuration AppleTalk Routing & Bridging Phase 1 Routing/Bridging/Off Phase 1 Seed Status Phase 1 Node Phase 1 Net #Phase 1 Zone NBP Lookup Filters Filtering Phase 2 Routing/Bridging/Off AppleTalk Phase 2 ConfigurationPhase 2 Seed Status Phase 2 Default Zone Phase 2 Net # RangePhase 2 Zones Phase 2 Node AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing WAN Configuration Dialog Box AppleTalk Routing & Bridging AppleTalk On/Bridging/Off Node ZoneOptional Remote End-Node Network Number Optional Remote End-Node Node Number AppleTalk Routing VPN Configuration Dialog BoxAppleTalk Routing VPN Configuration Dialog Box Optional Remote End-Node Proxy AppleTalk On/Bridging/Off AppleTalk Zone AppleTalk Routing Bridge Configuration Dialog Box AppleTalk Routing Bridge 0 Configuration Dialog Box Phase 1 Routing/Off AppleTalk Routing & Bridging Phase 1 Net # Phase 2 Routing/Off Phase 2 Zones NBP Filtering NBP Filtering Configuration Dialog BoxNetwork Filters Zone Filters AppleTalk Options Configuration Dialog Box Phase 2 Aarp Probe Time DECnet Routing & Bridging Main DECnet Routing Configuration Dialog BoxMain DECnet Routing Configuration Dialog Box DECnet On Routing Timer Hello TimerArea DECnet Ethernet Configuration Dialog Box DECnet Routing & Bridging Max Addresses DECnet Ethernet Configuration Dialog Box DECnet Routing/Bridging/Off DECnet WAN Configuration Dialog Box DECnet WAN Configuration Dialog BoxDECnet On/Bridging/Off Hello Timer Add VPN Port Dialog Box Add VPN Port Dialog Box Partner Address Tunnel Partner VPN Configuration Dialog BoxVPN Ports and LAN-to-LAN Tunnels Bind To Interface IKE Key Management Dialog Box IKE Key ManagementKey Manage Transform Shared KeyPerfect Forward Secrecy 101 IKE Configuration Dialog BoxAuthentication Encryption Authentication Secret Enable AuthenticationAuthentication Method Manual Key Management 103 Interoperability Settings Dialog BoxEnable Encryption Encryption Method Interoperability Settings Dialog Box Local and Peer SettingsMode 105 Local / AccessPeer / Access Local / Protocol Peer / Port 107 108 VPN Group Configuration Dialog Box and General Tab VPN Group Configuration Dialog BoxVPN Client Tunnels 109 VPN Group Configuration General Tab MinimumVersion VPN Client Tunnels 111 Inactivity TimeoutSLA Enable Client Exclude Local LAN VPN Group Configuration IKE Configuration Tab VPN Group Configuration IKE Configuration Tab VPN Client Tunnels 113 Save Secrets VPN Group Configuration Manual Tab VPN Group Configuration Manual Tab VPN Client Tunnels 115 VPN Group Configuration IP Connection TabVPN Group Configuration IP Connection Tab Start IP Address Local IP Net Assign IP Radius Add IP Address Dialog Box VPN Client Tunnels 117 Allow Connections ToAdd Edit Input Filters VPN Group Configuration IP Filters TabVPN Config IP Filters Tab Output Filters VPN Client Tunnels 119 VPN Group Configuration IPX Connection TabVPN Config IPX Connection Tab Local IPX Net VPN Group Configuration IPX Filters Tab VPN Group Configuration IPX Filters TabAssign IPX Radius VPN Client Tunnels 121 Input Filters VPN Group Configuration Rollover TabVPN Group Configuration Rollover Tab Alternate IntraPort Addresses SecurID Required VPN Group Configuration SecurID TabVPN Group Configuration SecurID Tab SecurID User Name VPN Group Configuration DNS Redirection Tab Add Local Domain Dialog Box VPN Group Configuration Wins Redirection TabVPN Group Configuration Wins Tab Local Domain Name VPN User Configuration Dialog Box VPN User Configuration Dialog BoxVPN Client Tunnels 125 Name STEP/STAMP Authentication SecretVPN User Dialog Box VPN Group VPN Client Tunnels 127 STEP/STAMP Encryption Secret IKE PolicyIKE Policy Global Dialog Box IPSec Gateway Dialog Box IPSec Gateway Configuration Dialog BoxIPSec Gateway VPN Client Tunnels 129 130 IntraGuard Firewall Configuration 131 IntraGuard Firewall Configuration Settings FirewallPath Dialog BoxInterfaces Inside/Outside ‘AND’ Filters 133‘OR’ Filters SendTCPReset Advanced Settings Firewall Path Dialog BoxResetRedirects Advanced Options SynRejectOnly SendICMPReset135 ICMPtoTCPsession Security Policies Firewall Path Dialog Box Current Security Policy 137 Security Policies at a Glance 139 Security Policy Protocol Setting Dialog BoxSecurity Policy Protocol Setting Dialog Box Policy 140 141 Port/Protocol Allow Ports/Protocols Dialog BoxPort/Protocol Number 143 Firewall Logging Dialog BoxFirewall Logging Dialog Box TCP Resets IP TimeoutsTCP Timeouts Rejects Redirects Icmp Resets145 General SYN Timer Firewall Settings Dialog BoxFirewall Settings Dialog Box FIN Timer HalfShutTimer TCPTimeoutUDPTimeout DynamicTimerPage Global Bridging Configuration Dialog Box Bridging 149 Learning/IEEE Spanning Tree BridgingBridge On Table Size Priority Spanning Tree Fwd Delay Spanning TreeBridging 151 Aging Time Max Age Spanning Tree Interface Configuration Dialog Box Priority Bridging 153 Bridging OnPath Cost Spanning Tree Exclude Non-Routed Protocols WAN Link Protocols 155 Link Configuration WAN Dialog BoxLink Configuration WAN Dialog Box WAN On Link Type WAN Link ProtocolsFailover Type WAN Link Protocols 157 Backup PortTimers Allow Dial Out Drop Link If Inactive For Allow DialAlways Keep Link Up Dialing Method Dial-Out / Connect Script WAN Link Protocols 159Dial-back Script Script Timeout Retry Delay SettingDialing Retries / Connect Retries Backup Disable Timer Failover Timers Configuration Dialog BoxBackup Enable Timer Backup Init Timer Frame Relay Configuration Dialog Box Frame Relay Configuration Dialog BoxMaintenance Protocol WAN Link Protocols 163 Polling Frequency Home Dlci Dlci Database Configuration Dialog Box Dlci Entry Dialog Box Dlci Database Dialog Box Dlci # WAN Link Protocols 165AppleTalk Address IPX Address Chap Configuration Dialog BoxChap Configuration Dialog Box DECnet Address WAN Link Protocols 167 Request Chap AuthenticationRespond to Chap Challenges PAP Configuration Dialog Box PAP Configuration Dialog BoxSecret WAN Link Protocols 169 Request PAP AuthenticationRespond to PAP Requests Smds Dialog Box PasswordSmds Dialog Box Station Address WAN Link Protocols 171 IP Multicast PPP Options Dialog BoxPPP Options Dialog Box Sequenced Predictor Compression PPP Link Quality Configuration Dialog BoxEcho Packets On WAN Link Protocols 173 LCP Options Configuration Dialog BoxLCP Options Configuration Dialog Box Frequency in Seconds Echo Packets Address/Control Compression Multilink PPP Dialog BoxProtocol Compression Mppp Bundle Name EnableWAN Link Protocols 175 Linked Ports MPQual WAN Chat Script Editor Dialog BoxWAN Chat Script Editor Dialog Box Chat Script Editor Dialog Box Buttons & Controls WAN Link Protocols 177Chat Script Rules and Syntax 178 WAN Link Protocols 179 To connect to an Internet Service Provider using a modem Chat Script Examples User Authentication Database Dialog Box WAN Link Protocols 181 Interfaces Password/SecretRemote Name Dial-back Chat Route Filters Button Main TCP/IP Filtering Dialog BoxTCP/IP Filtering 183 Packet Filters Button Block IP Source Routing TCP/IP Filter Editor WindowTCP/IP Filtering Log Rejected Source-Routed Packets TCP/IP Route Filter Rules Basic IP Route Filter Rules and Syntax TCP/IP Filtering 187 IP Route Filter Rule Options IP Route Filter Rule Modifiers IP Route Filter Rule Notification TCP/IP Packet Filter RulesIP Route Filter Rule Examples TCP/IP Filtering 189 Basic IP Packet Filter Rules and Syntax IP Packet Filter Rule Operators and Port Names TCP/IP Filtering 191 TCP Ports Icmp Types IP Packet Filter Rule Modifiers TCP/IP Filtering 193 UDP IP Packet Filter Rule Notification Simple IP Packet Filter Rule Examples TCP/IP Filtering 195 IP Packet Filter Rule Set Examples Interface TCP/IP Packet Filtering Configuration Dialog Box TCP/IP Packet Filtering Bridge Dialog Box IPX Filtering 197 Main IPX Filtering Configuration Dialog BoxMain IPX Filtering Dialog Box IPX Route Filters IPX Filter Editor Window IPX Filter Editor WindowIPX Filtering Filter Editor Window Buttons and Controls IPX Filtering 199 IPX Packet Filter RulesBasic IPX Packet Filter Rules and Syntax IPX Packet Filter Options IPX Filtering 201 IPX Packet Filter Rule Notification IPX Route Filter Rules IPX Packet Filter Rule Examples IPX Filtering 203 Basic IPX Route Filter Rules and Syntax IPX Route Filter Rule Options IPX Route Filter Rule Modifiers IPX Route Filter Rule Notification IPX SAP Filter RulesIPX Filtering 205 IPX Route Filter Rule Examples Basic IPX SAP Filter Rules and Syntax IPX SAP Filter Options IPX Filtering 207 IPX SAP Filter Rule Notification IPX SAP Filter Rule ModifiersIPX SAP Filter Rule Examples Interface IPX Packet Filtering Configuration Dialog Box IPX Filtering 209 210 AppleTalk Filtering 211 Main AppleTalk Filtering Editor WindowMain AppleTalk Filter Editor Window AppleTalk Filtering AppleTalk Packet Filter RulesGeneral Packet Filtering Routing Filters Rtmp AppleTalk Filtering 213Get Zone List Basic AppleTalk Filter Rules and Syntax 214 AppleTalk Filtering 215 AppleTalk Get Zone List Filter Rule Set Examples Simple AppleTalk Packet Filter Rule ExamplesAppleTalk Rtmp Filter Rule Set Examples AppleTalk Filtering 217 Interface AppleTalk Filtering Configuration Dialog BoxInput Rtmp Filters Input Packet Filters Output Rtmp FiltersZone List Filters Output Packet Filters General 219 Physical RS-232 Configuration WAN Dialog BoxPhysical RS-232 Configuration WAN Dialog Box Async/Sync Baud Rate Tx Clock Internal Sync OnlyFlow Control Async Only General 221 Physical T1 WAN Configuration Dialog BoxClock Scheme Line Encoding Fractional T1 EnabledFraming Start Channel & Number of Channels Invert Data General 223 Contiguous Channels or Alternate ChannelsChannel Data Rate PRM Transmit Physical V.35 Configuration WAN Dialog Box Tx Clock Internal Physical DS3 Configuration WAN Dialog Box General 225 System Configuration Dialog Box System Configuration Dialog BoxBandwidth Allocation Confirm Enable Password Confirm PasswordEnable Password General 227 Name of Administrator and How to Contact Snmp ConfigurationSnmp System Info Configuration Dialog Box Administrative Name Sets Enabled Advanced Snmp Configuration Dialog BoxSnmp Enabled Traps Enabled Snmp Community Strings Configuration Dialog Box Snmp Community Strings Configuration Dialog BoxCommunity String Snmp Traps Dialog Box Snmp Traps Configuration Dialog BoxGeneral 231 Access Host IP Address Primary DNS Server Domain Name Server DNS Dialog BoxDomain Name Server Dialog Box Secondary DNS Server Search Order General 233 Time Server Configuration Dialog BoxTime Server Dialog Box Add TCP/IP DNS Server Protocol Backup IP AddressOffset from Server Radius Configuration Dialog Box Radius Configuration Dialog BoxGeneral 235 Accounting Port Authentication PortAccounting VPN Real IP Address General 237 VPN Tunnel Secret VPN AuthenticationPAP Authentication Secret VPN Group Info Secondary Server IP Address Use Secret in ChecksumSecondary Server Retries General 239 SecurID Configuration Dialog BoxEnable SecurID Port Backup Server Timeout NAT Configuration Dialog Box New Button Modify Button NAT Configuration Dialog BoxGeneral 241 External Range Internal RangePassThru Range Addresses TCP Syn Timeout General 243 TCP TimeoutUDP Timeout TCP Fin Timeout NAT Range Dialog Box NAT Range Dialog Box General 245 NAT Mapping Dialog BoxNAT Mapping Dialog Box NAT Range Dialog Box Internal IP address NAT Mapping Translation Pair Examples General 247 Logging Configuration Dialog BoxLogging Configuration Dialog Box Logging On IP Address Syslogd On Only Send Log to Aux PortSyslogd On File Syslogd On Only General 249 Ldap ConfigurationLdap Server Dialog Box Ldap Server Dialog Box Primary Server Primary Password Ldap Config NameEnable Ldap Add Ldap Server Dialog Box General 251 Secondary Server Secondary Password Base Ldap Authentication Dialog Box Ldap Authentication Dialog BoxEnable Ldap Authentication VPN Group Attribute General 253 Primary Server Primary PasswordSecondary Server Secondary Password VPN Shared Secret Attribute 254 Ospf 255 Ospf Dialog BoxOspf Dialog Box Area ID Ospf EnabledOspf Cost Ospf Area Ospf Area Dialog Box Add Ospf Area Dialog Box Stub Default Cost Ospf Authentication TypeEnable Stub Area Ospf 259 Ospf Area Name Ospf Virtual Link Net Range Dialog Box Ospf Virtual Link Dialog Box Enable Virtual LinkOspf 261 Add Ospf Virtual Link Dialog Box Transit Area Virtual Transit DelayOspf Packet Authentication Key Virtual Retransmission BGP General Dialog Box Enable BGPBGP 263 BGP General Dialog Box BGP Local Preference BGP Aggregates Dialog BoxBGP Use IPR Filters BGP 265 BGP Peer Configs Dialog BoxBGP Peer Configs Dialog Box Add BGP Aggregate Dialog Box Input Route Map BGP Peer Config NameEnable Ebgp Multihop Output Route Map IP Loopback Dialog Box BGP Peers Dialog Box BGP Peers Dialog BoxIP Loopback Add BGP Peer Dialog Box BGP Route Maps Editor Dialog Box BGP 269 BGP Route Maps Dialog Box BGP Route Map Editor Dialog Box Buttons & Controls Enter Data Dialog Box BGP Route Mapping RulesBGP 271 Action Direction Options/Output Modifiers BGP 273 Special Communities Options/Input Modifiers BGP Networks Dialog Box BGP NetworksBGP Network Dialog Box BGP 275 Subnet Mask 276 Appendices 277 IP Addresses Appendices Chart 1 IP Address ClassesChart 2 Standard IP Subnets Subnet Masks Appendices 279 Chart 3 Subnetted Class C Host RangesBroadcast Addresses Assigning a Subnet Mask Chart 4 Broadcast Address ExamplesAssigning an IP address Assigning a Broadcast Address Appendices 281 Static Routes & Routing Protocols IPXIPX Routing Basics 282 Appendices 283 Service Advertising ProtocolClient Machine Addressing AppleTalk AppleTalk Routing Basics Non-extended and Extended AppleTalk Networks Appendices 285Seeding a Network Segment Probing Zones Appendices 287 Router AutoconfigurationBridging Bridging Basics Transparent Bridging Spanning Tree Bridging Appendices 289 Multiport Bridges/Switches and Bridge GroupsSimple Bridging Example Bridge Groups on a Multiport Router Virtual Circuits Frame RelayAppendices 291 Addressing Encapsulation and Fragmentation Local & Global DLCIsLocal Management Interface LMI Network/Protocol Addressing and Virtual Interfaces Frame Relay Example Appendices 293Frame Relay Example Page Symbols Index 295 Index Index 297 IPX Index 299 TCP/IP See also, TCP/IP Index 301 NAT Index 303 RIP UDP Index 305 Dlci Index 307 Radius