Advanced Features

IKE
Direction

This setting is used when determining if the IKE policy matches the current traffic. Select the desired option.

Responder only - Incoming connections are allowed, but outgoing connections will be blocked.

Initiator and Responder - Both incoming and outgoing connections are allowed.

Exchange Mode

IPSec has 2 possibilities - "Main Mode" and "Aggressive Mode".

Currently, only "Main Mode" is supported. Ensure the remote VPN endpoint is set to use "Main Mode".

Diffie-Hellman (DH) Group

The Diffie-Hellman algorithm is used when exchanging keys. The DH Group setting determines the bit size used in the exchange. This value must match the value used on the remote VPN Gateway.

Local Identity Type

Select the desired option to match the "Remote Identity Type" setting on the remote VPN endpoint.

WAN IP Address - your Internet IP address.

Fully Qualified Domain Name - your domain name.

Fully Qualified User Name - your name, E-mail address, or other ID.

Remote Identity Type

Select the desired option to match the "Local Identity Type" setting on the remote VPN endpoint.

IP Address - The Internet IP address of the remote VPN endpoint.

Fully Qualified Domain Name - the Domain name of the remote VPN endpoint.

Fully Qualified User Name - the name, E-mail address, or other ID of the remote VPN endpoint.

Remote Identity Data

Enter the data for the selection above. (If "IP Address" is selected, no input is required.)

SA Parameters

 

Encryption

Encryption Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway.

Authentication

Authentication Algorithm used for both IKE and IPSec. This setting must match the setting used on the remote VPN Gateway.

Pre-shared Key

The key must be entered both here and on the remote VPN Gateway. This method does not require using a CA (Certificate Authority).

SA Life Time

This determines the time interval before the SA (Security Association) expires. (It will automatically be re-established if necessary.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs.

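The matching rules described above, written as a check that compares the settings entered on two gateways before the tunnel is brought up. This is an added example, not taken from the manual; the field names, algorithm names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class IkePolicy:  # hypothetical field names, not the router's own schema
    direction: str        # "responder" or "both"
    exchange_mode: str    # "main" or "aggressive"
    dh_group: int
    local_id_type: str    # "ip", "fqdn" or "user_fqdn"
    remote_id_type: str
    remote_id_data: str   # may stay empty when remote_id_type is "ip"
    encryption: str
    authentication: str
    psk: str

def check_pair(a, b):
    """Return the mismatches that would stop gateways a and b from negotiating."""
    problems = []
    if a.direction == "responder" and b.direction == "responder":
        problems.append("direction: both sides are Responder only, so neither initiates")
    for name, p in (("a", a), ("b", b)):
        if p.exchange_mode != "main":
            problems.append(f"exchange_mode: {name} is not set to Main Mode")
        if p.remote_id_type != "ip" and not p.remote_id_data:
            problems.append(f"remote_id_data: {name} needs data for {p.remote_id_type}")
    for field in ("dh_group", "encryption", "authentication"):
        if getattr(a, field) != getattr(b, field):
            problems.append(f"{field}: {getattr(a, field)} != {getattr(b, field)}")
    # Identity types are crossed: one side's Local type is the peer's Remote type.
    if a.local_id_type != b.remote_id_type:
        problems.append("identity: a.local_id_type != b.remote_id_type")
    if b.local_id_type != a.remote_id_type:
        problems.append("identity: b.local_id_type != a.remote_id_type")
    if a.psk != b.psk:
        problems.append("psk: pre-shared keys differ")
    return problems

# Constructed sample policies (not from the manual), with three deliberate errors.
LOCAL = IkePolicy("both", "main", 2, "ip", "fqdn", "gw.example.net",
                  "3DES", "SHA-1", "constructed-example-key")
REMOTE = IkePolicy("responder", "main", 2, "fqdn", "fqdn", "",
                   "3DES", "MD5", "constructed-example-key")

if __name__ == "__main__":
    for problem in check_pair(LOCAL, REMOTE):
        print(problem)
```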