Server IP Address or
FQDN
Chapter 3
Configuration via Local Pages
Fill out the publicly known network location of the remote Gateway. You can specify the public IP address, if it is invariable and known. More often, the publicly known FQDN (such as vpn.corporate.com) will be used.
When you specify an IP address, the SpeedTouch™ expects the VPN server ! to use an IP address as identifier during the IKE negotiations. When an
FQDN is specified, the SpeedTouch™ expects the VPN server to use an FQDN as well. If you encounter problems during the IKE negotiations, a possible cause may be that different identity types are used by client and server. You can check this via the VPN > Debug > Logging page.
Backup Server IP Address or FQDN
IKE Security Descriptor
This field can optionally be filled out in a configuration with a backup VPN server. If no backup VPN server is available, you leave this field open.
The IKE Security Descriptor bundles the security parameters used for the IKE Security Association (Phase1).
A number of IKE Security Descriptors are
For example, the
Parameter | Value for AES_MD5 |
|
|
Cryptographic function | AES |
|
|
Hash function | |
|
|
MODP768 (= group 1) | |
|
|
IKE SA lifetime in seconds. | 3600 seconds (= 1 hour) |
|
|
The contents of the IKE Security Descriptors can be verified via Advanced > Peers > Security Descriptors.
It is recommended to use AES as preferred encryption method. AES is more advanced, compared to DES or 3DES. It is faster for comparable key lengths, and provides better security.
53 | |
|
