Advanced Features
Direction | This setting is used when determining if the IKE policy |
| matches the current traffic. Select the desired option. |
| • Responder only - Incoming connections are allowed, but |
| outgoing connections will be blocked. |
| • Initiator and Responder - Both incoming and outgoing |
| connections are allowed. |
|
|
Exchange Mode | IPSec has 2 possibilities - "Main Mode" and "Aggressive |
| Mode". |
| Currently, only "Main Mode" is supported. Ensure the remote |
| VPN endpoint is set to use "Main Mode". |
|
|
The | |
(DH) Group | The DH Group setting determines the number of bit size |
| used in the exchange. This value must match the value used |
| on the remote VPN Gateway. |
Local Identity | Select the desired option to match the "Remote Identity |
Type | Type" setting on the remote VPN endpoint. |
| • WAN IP Address - your Internet IP address. |
| • Fully Qualified Domain Name - your domain name. |
| • Fully Qualified User Name - your name, |
| or other ID. |
|
|
Remote Identity | Select the desired option to match the "Local Identity Type" |
Type | setting on the remote VPN endpoint. |
| • IP Address - The Internet IP address of the remote VPN |
| endpoint. |
| • Fully Qualified Domain Name - the Domain name of the |
| remote VPN endpoint. |
| • Fully Qualified User Name - the name, |
| other ID of the remote VPN endpoint. |
|
|
Remote Identity | Enter the data for the selection above. (If "IP Address" is |
Data | selected, no input is required.) |
SA Parameters |
|
Encryption | Encryption Algorithm used for both IKE and IPSec. This |
| setting must match the setting used on the remote VPN |
| Gateway. |
Authentication | Authentication Algorithm used for both IKE and IPSec. This |
| setting must match the setting used on the remote VPN |
| Gateway. |
|
|
The key must be entered both here and on the remote VPN | |
| Gateway. This method does not require using a CA (Certifi- |
| cate Authority). |
|
|
SA Life Time | This determines the time interval before the SA (Security |
| Association) expires. (It will automatically be |
| necessary.) While using a short time period (or data amount) |
| increases security, it also degrades performance. It is com- |
| mon to use periods over an hour (3600 seconds) for the SA |
| Life Time. This setting applies to both IKE and IPSec SAs. |
|
|
81