LevelOne Broadband VPN Gateway User Guide

These settings must match the remote VPN. Note that you cannot use both AH and ESP.

Manually assigned Keys

AH Authentication AH (Authentication Header) specifies the authentication protocol for the VPN header, if used. (AH is often NOT used)

If AH is not enabled, the following settings can be ignored.

Keys

• The "in" key here must match the "out" key on the remote VPN, and the "out" key here must match the "in" key on the remote VPN.

• Keys can be in ASCII or Hex (0..9 A..F)

• For MD5, the keys should be 32 hex/16 ASCII characters.

• For SHA-1, the keys should be 40 hex/20 ASCII characters.

 

SPI

 

• Each SPI (Security Parameter Index) must be unique.

 

• The "in" SPI here must match the "out" SPI on the remote

 

VPN, and the "out" SPI here must match the "in" SPI on the

 

remote VPN.

 

• Each SPI should be at least 3 characters.

 

 

ESP Encryption

ESP (Encapsulating Security Payload) provides security for the

 

payload (data) sent through the VPN tunnel. Generally, you will

 

want to enable both Encryption and Authentication.

 

• The "3DES" algorithm provides greater security than "DES",

 

but is slower.

 

• The "in" key here must match the "out" key on the remote

 

VPN, and the "out" key here must match the "in" key on the

 

remote VPN.

 

 

ESP Authentication

Generally, you should enable ESP Authentication. There is little

 

difference between the available algorithms. Just ensure each

 

endpoint use the same setting.

 

• The "in" key here must match the "out" key on the remote

 

VPN, and the "out" key here must match the "in" key on the

 

remote VPN.

 

• Keys can be in ASCII or Hex (0..9 A..F)

 

• For MD5, the keys should be 32 hex/16 ASCII characters.

 

• For SHA-1, the keys should be 40 hex/20 ASCII characters.

ESP SPI

This is required if either ESP Encryption or ESP Authentica-

 

tion is enabled.

 

• Each SPI (Security Parameter Index) must be unique.

 

• The "in" SPI here must match the "out" SPI on the remote

 

VPN, and the "out" SPI here must match the "in" SPI on the

 

remote VPN.

 

• Each SPI should be at least 3 characters.

For Manual Key Exchange, configuration is now complete.

76

Page 79
Image 79
LevelOne FBR-1404TX user manual Manually assigned Keys, ESP Encryption, ESP Authentication, Tion is enabled