Administrator’s Handbook

Table 3: IPSec Tunnel Details page parameters

Local ID Mask
If Aggressive mode is selected as the Negotiation Method, and Subnet as the Local ID Type, this field appears. This is the local (Gateway-side) subnet mask.

Remote ID Type
If Aggressive mode is selected as the Negotiation Method, this option appears. Selection options are: IP Address, Subnet, Hostname, ASCII.

Remote ID Address/Value
If Aggressive mode is selected as the Negotiation Method, this field appears. This is the remote (central-office-side) IP address (or Name Value, if Subnet or Hostname are selected as the Local ID Type).

Remote ID Mask
If Aggressive mode is selected as the Negotiation Method, and Subnet as the Remote ID Type, this field appears. This is the remote (central-office-side) subnet mask.

Pre-Shared Key Type
The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour supports ASCII or HEX types.

Pre-Shared Key
The Pre-Shared Key is a parameter used for authenticating each side. The value can be ASCII or Hex and a maximum of 64 characters. ASCII is case-sensitive.

DH Group
Diffie-Hellman is a public key algorithm used between two systems to determine and deliver secret keys used for encryption. Groups 1, 2 and 5 are supported.

PFS Enable
Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS is selected, a Diffie-Hellman key exchange is required. If enabled, the PFS DH group follows the IKE phase 1 DH group.

SA Encrypt Type
SA Encryption Type refers to the symmetric encryption type. This encryption algorithm will be used to encrypt each data packet. SA Encryption Type values supported include DES and 3DES.

SA Hash Type
SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation. Values supported include MD5 and SHA1. N/A will display if NONE is chosen for Auth Protocol.

Invalid SPI Recovery
Enabling this allows the Gateway to re-establish the tunnel if either the Motorola Netopia® Gateway or the peer gateway is rebooted.

Soft MBytes
Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Soft MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic passed. If this value is not achieved, the Hard MBytes parameter is enforced. This parameter does not need to match the peer gateway.

Soft Seconds
Setting the Soft Seconds parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Soft Seconds value. The value can be configured between 60 and 1,000,000 seconds. This parameter does not need to match the peer gateway.

Hard MBytes
Setting the Hard MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Hard MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic passed. This parameter does not need to match the peer gateway.

Hard Seconds
Setting the Hard Seconds parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Hard Seconds value. The value can be configured between 60 and 1,000,000 seconds. This parameter does not need to match the peer gateway.
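
An added example, not part of the handbook: a Python check that audits one tunnel profile against the values and ranges listed in Table 3, and warns where a weaker supported option is selected. The dictionary key names, the 20-character key threshold for Aggressive mode, and the rule that a soft limit should sit below its hard limit are assumptions of this example.

```python
import string

# Supported values and ranges as listed in Table 3; key names are hypothetical.
SUPPORTED = {"dh_group": {1, 2, 5}, "sa_encrypt": {"DES", "3DES"},
             "sa_hash": {"MD5", "SHA1"}}
# Strongest option the table offers per field (this example's choice).
PREFERRED = {"dh_group": 5, "sa_encrypt": "3DES", "sa_hash": "SHA1"}
RANGES = {"mbytes": (1, 1_000_000), "seconds": (60, 1_000_000)}
MIN_AGGRESSIVE_PSK = 20  # assumed review threshold, not from the handbook


def audit_tunnel(cfg):
    """Return (severity, message) findings for one tunnel profile dict."""
    findings = []
    psk = cfg["psk"]
    if not 1 <= len(psk) <= 64:
        findings.append(("error", "pre-shared key must be 1-64 characters"))
    if cfg["psk_type"] not in ("ASCII", "HEX"):
        findings.append(("error", "pre-shared key type must be ASCII or HEX"))
    elif cfg["psk_type"] == "HEX" and not all(c in string.hexdigits for c in psk):
        findings.append(("error", "HEX pre-shared key has non-hex characters"))
    # Aggressive mode exposes a PSK-derived hash to offline guessing,
    # so a short key deserves a warning there.
    if cfg["negotiation"] == "Aggressive" and len(psk) < MIN_AGGRESSIVE_PSK:
        findings.append(("warn", "short pre-shared key with Aggressive mode"))
    for key, allowed in SUPPORTED.items():
        if cfg[key] not in allowed:
            findings.append(("error", f"{key}={cfg[key]!r} is not supported"))
        elif cfg[key] != PREFERRED[key]:
            findings.append(("warn", f"{key}={cfg[key]!r}: prefer {PREFERRED[key]!r}"))
    for unit, (lo, hi) in RANGES.items():
        soft, hard = cfg[f"soft_{unit}"], cfg[f"hard_{unit}"]
        for name, value in ((f"soft_{unit}", soft), (f"hard_{unit}", hard)):
            if not lo <= value <= hi:
                findings.append(("error", f"{name}={value} outside {lo}-{hi}"))
        # Assumption: the soft limit should trigger before the hard limit.
        if soft >= hard:
            findings.append(("warn", f"soft_{unit} is not below hard_{unit}"))
    return findings


# Constructed sample profile, not taken from the handbook.
SAMPLE = {"negotiation": "Aggressive", "psk_type": "HEX", "psk": "0123abcdXY",
          "dh_group": 1, "sa_encrypt": "DES", "sa_hash": "SHA1",
          "soft_mbytes": 900, "hard_mbytes": 1000,
          "soft_seconds": 30, "hard_seconds": 3600}

if __name__ == "__main__":
    for severity, message in audit_tunnel(SAMPLE):
        print(f"{severity:5} {message}")
```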

Motorola 7000, 3352N, 3342, 2200 manual 152, Address/Value