Planet Technology ADW-4302A v2, ADW-4302B v2 IKE, Type, Type, Data, Direction, (DH) Group, Encryption, SA Life Time, Exchange Mode, SA Parameters, Pre-sharedKey, Diffie-Hellman, Local Identity

Advanced Features

IKE

Direction	This setting is used when determining if the IKE policy
	matches the current traffic. Select the desired option.
	• Responder only - Incoming connections are allowed, but
	outgoing connections will be blocked.
	• Initiator and Responder - Both incoming and outgoing
	connections are allowed.

Exchange Mode	IPSec has 2 possibilities - "Main Mode" and "Aggressive
	Mode".
	Currently, only "Main Mode" is supported. Ensure the remote
	VPN endpoint is set to use "Main Mode".

Diffie-Hellman	The Diffie-Hellman algorithm is used when exchanging keys.
(DH) Group	The DH Group setting determines the number of bit size
	used in the exchange. This value must match the value used
	on the remote VPN Gateway.
Local Identity	Select the desired option to match the "Remote Identity
Type	Type" setting on the remote VPN endpoint.
	• WAN IP Address - your Internet IP address.
	• Fully Qualified Domain Name - your domain name.
	• Fully Qualified User Name - your name, E-mail address,
	or other ID.

Remote Identity	Select the desired option to match the "Local Identity Type"
Type	setting on the remote VPN endpoint.
	• IP Address - The Internet IP address of the remote VPN
	endpoint.
	• Fully Qualified Domain Name - the Domain name of the
	remote VPN endpoint.
	• Fully Qualified User Name - the name, E-mail address, or
	other ID of the remote VPN endpoint.

Remote Identity	Enter the data for the selection above. (If "IP Address" is
Data	selected, no input is required.)
SA Parameters
Encryption	Encryption Algorithm used for both IKE and IPSec. This
	setting must match the setting used on the remote VPN
	Gateway.
Authentication	Authentication Algorithm used for both IKE and IPSec. This
	setting must match the setting used on the remote VPN
	Gateway.

Pre-shared Key	The key must be entered both here and on the remote VPN
	Gateway. This method does not require using a CA (Certifi-
	cate Authority).

SA Life Time	This determines the time interval before the SA (Security
	Association) expires. (It will automatically be re-established if
	necessary.) While using a short time period (or data amount)
	increases security, it also degrades performance. It is com-
	mon to use periods over an hour (3600 seconds) for the SA
	Life Time. This setting applies to both IKE and IPSec SAs.