
Port
IPSec Security Descriptors
Page layout with additional Descriptors
Chapter 3
Configuration via Local Pages
If the tcp or udp protocol is selected for the protocol parameter, then the access to the IPSec connection can be further restricted to a single port. Many
Separate fields are provided for the local and remote ports. Typically, identical values are selected for both fields. In almost all cases, the value any is the most appropriate choice.
If you want to restrict the ports on your secure VPN link and you need multiple ports, define a new connection for every individual port. A separate IPSec tunnel is established for each port.
The IPSec Security Descriptor bundles the security parameters used for the Phase 2 Security Association.
A number of IPSec Security Descriptors are
For example, the
Parameter | Value for AES_MD5_TUN |
Cryptographic function | AES |
Hash function | |
Use of Perfect Forward Secrecy | no |
IPSec SA lifetime in seconds | 86400 seconds (= 24 hours) |
IPSec SA volume lifetime in kbytes | no volume limit |
ESP encapsulation mode | tunnel |
The contents of the IPSec Security Descriptors can be verified via the Advanced menu. Select Connections, and subsequently Security Descriptors.
When you click Specify Additional Descriptors, the IPSEC Security Descriptors area of the page is updated and shows additional fields where you can specify up to four alternative IPSec Security Descriptors:
These will be used as alternative valid proposals in the Phase 2 negotiations.
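Because every alternative descriptor is a valid Phase 2 proposal, the tunnel can be no stronger than the weakest entry a peer is able to select. The following sketch is an added example, not taken from the manual or the device: it models a primary descriptor plus alternatives, shows which one a peer ends up selecting, and audits the list against an example policy. Assumptions: matching is simplified to cipher, hash, PFS and mode; the hash of AES_MD5_TUN is taken from its name; EX_AES_SHA1_PFS_TUN, the peer list and the policy are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Descriptor:
    name: str
    cipher: str
    hash: str
    pfs: bool
    lifetime_s: int
    volume_kb: Optional[int] = None  # None = no volume limit
    mode: str = "tunnel"

    def transform(self):
        # What both peers must agree on for a Phase 2 proposal to match.
        return (self.cipher, self.hash, self.pfs, self.mode)

MAX_ALTERNATIVES = 4  # the page allows up to four alternative descriptors

def negotiate(offered, acceptable):
    """First descriptor, in the initiator's order, that the responder also allows."""
    allowed = {d.transform() for d in acceptable}
    return next((d for d in offered if d.transform() in allowed), None)

def audit(proposals, weak=frozenset({"MD5", "DES"})):
    """Flag every proposal a peer could select that breaks the example policy."""
    if len(proposals) > 1 + MAX_ALTERNATIVES:
        raise ValueError("one primary descriptor plus at most four alternatives")
    findings = []
    for d in proposals:
        if d.cipher in weak or d.hash in weak:
            findings.append((d.name, "weak algorithm"))
        if not d.pfs:
            findings.append((d.name, "no PFS"))
    return findings

# AES_MD5_TUN follows the table above; hash "MD5" is assumed from the name.
AES_MD5_TUN = Descriptor("AES_MD5_TUN", "AES", "MD5", False, 86400)
# Constructed descriptor and peer list, for illustration only.
EX_PRIMARY = Descriptor("EX_AES_SHA1_PFS_TUN", "AES", "SHA1", True, 3600)
LOCAL = [EX_PRIMARY, AES_MD5_TUN]  # primary + one alternative
PEER_LEGACY = [Descriptor("peer-legacy", "AES", "MD5", False, 86400)]

if __name__ == "__main__":
    print("negotiated:", negotiate(LOCAL, PEER_LEGACY).name)
    print("findings:", audit(LOCAL))
```

With the alternative present, the constructed peer settles on AES_MD5_TUN even though the primary descriptor is listed first; without it, the negotiation yields no match.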