6: Basic Parameters

Remote Id
How the remote host should be identified for authentication. The Id is used to select the proper credentials for communicating with the remote host.

Remote Hop/Router
If the remote host is behind a gateway, this specifies the IP address of the gateway's public network interface.

Remote Subnet(s)
One or more subnets behind the remote host, expressed in CIDR notation (IP address/mask bits). If multiple subnets are specified, the subnets should be separated by a comma.

Local Id
How the SLC 8000 advanced console manager should be identified for authentication. The Id is used by the remote host to select the proper credentials for communicating with the SLC advanced console manager.

Local Hop/Router
If the SLC unit is behind a gateway, this specifies the IP address of the gateway's public network interface.

Local Subnet(s)
One or more subnets behind the SLC 8000 advanced console manager, expressed in CIDR notation (IP address/mask bits). If multiple subnets are specified, the subnets should be separated by a comma.

IKE Negotiation
The Internet Key Exchange (IKE) protocol is used to exchange security options between two hosts that want to communicate via IPSec. The first phase of the protocol authenticates the two hosts to each other and establishes the Internet Security Association Key Management Protocol Security Association (ISAKMP SA). The second phase of the protocol establishes the cryptographic parameters for protecting the data passed through the tunnel, which is the IPSec Security Association (IPSec SA). The IPSec SA can periodically be renegotiated to ensure security. The IKE protocol can use one of two modes: Main Mode, which provides identity protection and takes longer, or Aggressive Mode, which provides no identity protection but is quicker. With Aggressive Mode, there is no negotiation of which cryptographic parameters will be used; each side must give the correct cryptographic parameters in the initial packet of the exchange, otherwise the exchange will fail. If Aggressive Mode is used, the IKE Encryption, IKE Authentication, and IKE DH Group must be specified.

IKE Encryption
The type of encryption, 3DES or AES, used for IKE negotiation. Any can be selected if the two sides can negotiate which type of encryption to use.

Authentication (IKE)
The type of authentication, SHA1 or MD5, used for IKE negotiation. Any can be selected if the two sides can negotiate which type of authentication to use.

DH Group (IKE)
The Diffie-Hellman Group, 2 or 5, used for IKE negotiation. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.

ESP Encryption
The type of encryption, 3DES or AES, used for encrypting the data sent through the tunnel. Any can be selected if the two sides can negotiate which type of encryption to use.

Authentication (ESP)
The type of authentication, SHA1 or MD5, used for authenticating data sent through the tunnel. Any can be selected if the two sides can negotiate which type of authentication to use.

DH Group (ESP)
The Diffie-Hellman Group, 2 or 5, used for the key exchange for data sent through the tunnel. Any can be selected if the two sides can negotiate which Diffie-Hellman Group to use.
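The following is an added example, not Lantronix code and not the SLC 8000's own configuration logic. It shows three things the parameters above describe: parsing the comma-separated CIDR list entered in the Remote/Local Subnet(s) fields, the rule that Aggressive Mode leaves nothing to negotiate so IKE Encryption, Authentication and DH Group must all be given explicitly, and what "Any" means when two peers compare their IKE/ESP settings. The function names, the preference order used to break ties when both sides allow more than one algorithm, and the sample values are all assumptions of this example; the guide does not state how the SLC orders its proposals.

```python
"""Added example (not Lantronix code): validate the IPsec tunnel parameters
described in the Basic Parameters table and compute what two peers would
agree on when one or both sides select "Any" for an algorithm or DH group."""
import ipaddress

# Choices exactly as the guide lists them; "Any" means "let the peers negotiate".
ENCRYPTION = ("3DES", "AES")
AUTHENTICATION = ("MD5", "SHA1")
DH_GROUPS = (2, 5)

# Tie-break order used by this example when both sides accept more than one
# value. Assumption: the guide does not say how the SLC orders proposals; the
# stronger option is tried first here.
PREFERENCE = {
    "encryption": ["AES", "3DES"],
    "authentication": ["SHA1", "MD5"],
    "dh_group": [5, 2],
}


def parse_subnets(field):
    """Parse a comma-separated list of CIDR subnets, as entered in the
    Remote/Local Subnet(s) field. Returns a list of ip_network objects and
    raises ValueError on a malformed entry or on host bits set in the address."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if not item:
            continue
        # strict=True rejects e.g. "10.1.2.3/24": a mask typo is caught at
        # configuration time instead of silently widening the tunnel selector.
        nets.append(ipaddress.ip_network(item, strict=True))
    if not nets:
        raise ValueError("at least one subnet is required")
    return nets


def negotiate(kind, local_choice, remote_choice):
    """Return the value both peers accept for `kind` (encryption,
    authentication or dh_group), or None when they have nothing in common.
    A side that selected "Any" accepts every value in the catalogue."""
    allowed = {"encryption": ENCRYPTION,
               "authentication": AUTHENTICATION,
               "dh_group": DH_GROUPS}[kind]
    local_set = set(allowed) if local_choice == "Any" else {local_choice}
    remote_set = set(allowed) if remote_choice == "Any" else {remote_choice}
    for candidate in PREFERENCE[kind]:
        if candidate in local_set and candidate in remote_set:
            return candidate
    return None


def validate_ike_settings(mode, encryption, authentication, dh_group):
    """Check the constraint the guide states for Aggressive Mode: there is no
    negotiation, so every IKE parameter must be explicit rather than "Any".
    Returns a list of problems; an empty list means the settings are usable."""
    problems = []
    if mode not in ("Main", "Aggressive"):
        problems.append(f"unknown IKE mode {mode!r}")
    if mode == "Aggressive":
        for name, value in (("IKE Encryption", encryption),
                            ("IKE Authentication", authentication),
                            ("IKE DH Group", dh_group)):
            if value == "Any":
                problems.append(f"{name} must be specified for Aggressive Mode")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print([str(n) for n in parse_subnets("192.168.10.0/24, 10.0.0.0/8")])
    print(negotiate("encryption", "Any", "3DES"))          # 3DES
    print(negotiate("authentication", "MD5", "SHA1"))      # None: no overlap
    print(validate_ike_settings("Aggressive", "AES", "Any", 5))
```

Run it directly to see the constructed cases; in practice the same checks belong wherever tunnel settings are entered or reviewed, since a mismatch that `negotiate` reports as None is exactly the situation in which an Aggressive Mode exchange fails outright.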

 

 

 

SLC™ 8000 Advanced Console Manager User Guide

71
