Security

 

Table 3: IPSec Tunnel Details page parameters

 

 

PAT Address

If NAT is enabled, this field appears. You can specify a Port Address Translation (PAT) address or leave the default all-zeroes (if Xauth is enabled). If you leave the default, the address will be requested from the remote router and dynamically applied to the Gateway.

Negotiation Method

This parameter refers to the method used during the Phase I key exchange, or IKE process. SafeHarbour supports Main or Aggressive Mode. Main mode requires 3 two-way message exchanges while Aggressive mode only requires 3 total message exchanges.

Local ID Type

If Aggressive mode is selected as the Negotiation Method, this option appears. Selection options are: IP Address, Subnet, Hostname, ASCII.

Local ID Address/Value

If Aggressive mode is selected as the Negotiation Method, this field appears. This is the local (Gateway-side) IP address (or Name Value, if Subnet or Hostname are selected as the Local ID Type).

Local ID Mask

If Aggressive mode is selected as the Negotiation Method, and Subnet as the Local ID Type, this field appears. This is the local (Gateway-side) subnet mask.

Remote ID Type

If Aggressive mode is selected as the Negotiation Method, this option appears. Selection options are: IP Address, Subnet, Hostname, ASCII.

Remote ID Address/Value

If Aggressive mode is selected as the Negotiation Method, this field appears. This is the remote (central-office-side) IP address (or Name Value, if Subnet or Hostname are selected as the Local ID Type).

Remote ID Mask

If Aggressive mode is selected as the Negotiation Method, and Subnet as the Remote ID Type, this field appears. This is the remote (central-office-side) subnet mask.

Pre-Shared Key Type

The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour supports ASCII or HEX types.

Pre-Shared Key

The Pre-Shared Key is a parameter used for authenticating each side. The value can be ASCII or Hex and a maximum of 64 characters. ASCII is case-sensitive.

DH Group

Diffie-Hellman is a public key algorithm used between two systems to determine and deliver secret keys used for encryption. Groups 1, 2 and 5 are supported.

PFS Enable

Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS is selected, a Diffie-Hellman key exchange is required. If enabled, the PFS DH group follows the IKE phase 1 DH group.

SA Encrypt Type

SA Encryption Type refers to the symmetric encryption type. This encryption algorithm will be used to encrypt each data packet. SA Encryption Type values supported include DES and 3DES.
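
The field dependencies and value limits in Table 3 can be checked before a tunnel is saved. The following is an added example, not code from the manual or the device: the dict keys simply mirror the table labels, the non-empty and bare-hex-digit rules for the key are assumptions, and the warnings about Group 1, DES and Aggressive mode are general IKE knowledge rather than statements from this page.

```python
import re

ID_TYPES = {"IP Address", "Subnet", "Hostname", "ASCII"}  # options listed in Table 3

def check_tunnel(cfg):
    """Return (errors, warnings) for one tunnel; the dict keys are hypothetical."""
    errors, warnings = [], []
    mode = cfg.get("Negotiation Method")
    if mode not in ("Main", "Aggressive"):
        errors.append("Negotiation Method must be Main or Aggressive")
    # ID fields only appear in Aggressive mode; masks only for Subnet IDs.
    for side in ("Local", "Remote"):
        id_type = cfg.get(f"{side} ID Type")
        if mode == "Aggressive":
            if id_type not in ID_TYPES:
                errors.append(f"{side} ID Type missing or invalid")
            if not cfg.get(f"{side} ID Address/Value"):
                errors.append(f"{side} ID Address/Value missing")
            if id_type == "Subnet" and not cfg.get(f"{side} ID Mask"):
                errors.append(f"{side} ID Mask required for Subnet")
        elif id_type is not None:
            errors.append(f"{side} ID Type is only used in Aggressive mode")
    # Pre-Shared Key: ASCII or HEX, max 64 chars (assumed: non-empty, bare hex digits).
    psk, psk_type = cfg.get("Pre-Shared Key", ""), cfg.get("Pre-Shared Key Type")
    if psk_type not in ("ASCII", "HEX"):
        errors.append("Pre-Shared Key Type must be ASCII or HEX")
    if not 1 <= len(psk) <= 64:
        errors.append("Pre-Shared Key must be 1 to 64 characters")
    elif psk_type == "HEX" and not re.fullmatch(r"[0-9A-Fa-f]+", psk):
        errors.append("HEX Pre-Shared Key contains non-hex characters")
    if cfg.get("DH Group") not in (1, 2, 5):
        errors.append("DH Group must be 1, 2 or 5")
    if cfg.get("SA Encrypt Type") not in ("DES", "3DES"):
        errors.append("SA Encrypt Type must be DES or 3DES")
    # Warnings are general IKE knowledge, not statements from the manual.
    if cfg.get("DH Group") == 1:
        warnings.append("DH Group 1 is a 768-bit group; prefer Group 5")
    if cfg.get("SA Encrypt Type") == "DES":
        warnings.append("DES has a 56-bit key; prefer 3DES")
    if mode == "Aggressive":
        warnings.append("Aggressive mode sends the IDs unencrypted")
    return errors, warnings

# Constructed sample settings, not taken from a real device.
SAMPLE = {"Negotiation Method": "Aggressive", "Local ID Type": "Subnet",
          "Local ID Address/Value": "192.0.2.0", "Remote ID Type": "Hostname",
          "Remote ID Address/Value": "hq.example", "Pre-Shared Key Type": "HEX",
          "Pre-Shared Key": "0xA1B2", "DH Group": 1, "SA Encrypt Type": "DES"}
print(check_tunnel(SAMPLE))
```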
