Sony 2140847 38 2140847

AirLink Helix User Guide

38 2140847

Command Description

VPN 1 Type Tunnel Disabled or IPsec tunnel. Use this option to enable or disable the VPN tunnel. If

custom settings are used, they will be saved and the tunnel can be disabled and re-

enabled without needing to reenter any of the settings. The IPsec VPN employs the IKE

(Internet Key Exchange) protocol to set up a SecurityAssociation (SA) between the Helix

and a Cisco (or Cisco compatible) enterprise VPN server. IPSec consists of two phases to

setup an SA between peer VPNs. Phase 1 creates a secure channel between the Helix

VPN and the enterprise VPN, thereby enabling IKE exchanges. Phase 2 sets up the IPSec

SA that is used to securely transmit enterprise data. For a successful configuration, all

settings for the VPN tunnel must be identical between the Helix VPN and the enterprise

VPN server.

VPN1 Status Disabled, Not Connected, or Connected. This indicates the current status of the VPN

connection. Use this as part of troubleshooting a VPN connection.

SNTP Server Address The Simple Network Time Protocol Server (SNTP) ensures the clock on the Helix VPN is

synchronized to standard time. The default NTP server is pool.ntp.org. You can specify any

preferred NTP server. Both the VPN server and client must use the same SNTP address.

VPN Gateway

Address The IP address of the server that this client connects to. This IP address must be open to

connections from the Helix Box.

Remote Subnet (IP

Addr Mask) The default configuration is 0.0.0.0/0 which will direct all traffic over the GRE tunnel.

Pre-shared Key 1 Pre-shared Key (PSK) used to initiate the VPN tunnel.

My Identity If these fields are left blank, My Identity will default to the WAN IP address assigned by the

carrier and Peer Identity will default to the VPN Server IP. For a fully qualified domain name

(FQDN), these values should be preceded by an ‘@’character (@www.domain.com). For

user-FQDN, these values should include a username (user@domain.com)

Peer Identity Required in some configurations to identify the client or peer side of a VPN connection.

This defaults to the VPN server IP address.

Negotiation Mode Main Mode or Aggressive. To operate the onboard VPN under Aggressive mode, enable

this configuration. By default the Helix operates under Main Mode. Aggressive mode offers

increased performance at the expense of security.

IKE Encryption

Algorithm DES, 3DES, or AES. Determines the type and length of encryption key used to encrypt/

decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption.

AES (Advanced Encryption Standard) is supports 128 bit encryption.

IKE Authentication

Algorithm SHA1 or MD5. Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a

128-bit digest for authentication. SHA1 is a more secure algorithm that produces a 160-bit

digest.

IPSec Encryption

Algorithm DES, 3DES, or AES. Determines the type and length of encryption key used to encrypt/

decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption.

AES (Advanced Encryption Standard) supports 128 bit encryption.

IPSec Authentication

Algorithm SHA1 or MD5. Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a

128-bit digest for authentication. SHA1 is a more secure algorithm that produces a 160-bit

digest.

IKE SA Life Time 180 to 86400. Determines how long the VPN tunnel is active in seconds. The default value

is 28,800 seconds, or 8 hours