Prestige 652H/HW

Table 10 VPN IKE

| LABEL | DESCRIPTION |
|---|---|
| Content | When you select IP in the Peer ID Type field, type the IP address of the computer with which you will make the VPN connection or leave the field blank to have the Prestige automatically use the address in the Secure Gateway IP Address field. When you select DNS in the Peer ID Type field, type a domain name (up to 31 characters) by which to identify the remote IPSec router. When you select E-mail in the Peer ID Type field, type an e-mail address (up to 31 characters) by which to identify the remote IPSec router. The domain name or e-mail address that you use in the Content field is used for identification purposes only and does not need to be a real domain name or e-mail address. The domain name also does not have to match the remote router's IP address or what you configure in the Secure Gateway IP Address field below. |
| Secure Gateway IP Address | Type the WAN IP address or the URL (up to 31 characters) of the IPSec router with which you're making the VPN connection. Set this field to 0.0.0.0 if the remote IPSec router has a dynamic WAN IP address (the Key Management field must be set to IKE). |
| Encapsulation Mode | Select Tunnel mode or Transport mode from the drop-down list box. |
| VPN Protocol | Select ESP if you want to use ESP (Encapsulation Security Payload). The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. If you select ESP here, you must select options from the Encryption Algorithm and Authentication Algorithm fields (described below). Select AH if you want to use AH (Authentication Header Protocol). The AH protocol (RFC 2402) was designed for integrity, authentication, sequence integrity (replay resistance), and non-repudiation but not for confidentiality, for which the ESP was designed. If you select AH here, you must select options from the Authentication Algorithm field (described below). |
| Pre-shared Key | Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Multiple SAs connecting through a secure gateway must have the same pre-shared key. |
| VPN Setup | Select DES, 3DES or NULL from the drop-down list box. When DES is used for data communications, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. Select NULL to set up a tunnel without encryption. When you select NULL, you do not enter an encryption key. |
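The field rules in Table 10 can be checked mechanically before a rule is saved. The following is an added example, not code from the manual or the Prestige firmware; the dictionary key names, the sample values and the reading of "same pre-shared key" as a comparison between rules that share a secure gateway are assumptions.

```python
import ipaddress
from collections import defaultdict

def lint_rule(rule):
    """Check one rule (a dict with hypothetical key names) against Table 10."""
    out = []
    ptype, content = rule.get("peer_id_type"), rule.get("peer_content", "")
    if ptype == "IP" and content:  # blank: the gateway address is used instead
        try:
            ipaddress.ip_address(content)
        except ValueError:
            out.append("peer content is not an IP address")
    elif ptype in ("DNS", "E-mail") and len(content) > 31:
        out.append("peer content longer than 31 characters")
    if rule.get("secure_gateway") == "0.0.0.0" and rule.get("key_management") != "IKE":
        out.append("dynamic peer (0.0.0.0) requires IKE key management")
    proto, enc = rule.get("vpn_protocol"), rule.get("enc_algorithm")
    if proto in ("ESP", "AH") and not rule.get("auth_algorithm"):
        out.append(f"{proto} selected without an authentication algorithm")
    if proto == "ESP" and enc not in ("DES", "3DES", "NULL"):
        out.append("ESP selected without DES, 3DES or NULL")
    elif proto == "ESP" and enc == "NULL":
        out.append("NULL selected: tunnel is not encrypted")
    elif proto == "ESP" and enc == "DES":
        out.append("DES uses a 56-bit key; 3DES is more secure")
    return out

def lint_rules(rules):
    """Per-rule findings plus the same-pre-shared-key check per secure gateway."""
    report = {r["name"]: lint_rule(r) for r in rules}
    keys = defaultdict(set)
    for r in rules:
        keys[r.get("secure_gateway")].add(r.get("pre_shared_key"))
    for r in rules:
        if len(keys[r.get("secure_gateway")]) > 1:
            report[r["name"]].append("pre-shared key differs from another SA on this gateway")
    return report

# Constructed sample rules (addresses, keys and algorithm names are made up).
BASE = {"peer_id_type": "IP", "peer_content": "", "secure_gateway": "203.0.113.10",
        "key_management": "IKE", "vpn_protocol": "ESP", "enc_algorithm": "3DES",
        "auth_algorithm": "SHA1"}
SAMPLE = [
    {**BASE, "name": "hq-a", "pre_shared_key": "alpha"},
    {**BASE, "name": "hq-b", "pre_shared_key": "bravo", "vpn_protocol": "AH",
     "auth_algorithm": ""},
    {**BASE, "name": "branch", "pre_shared_key": "k1", "secure_gateway": "0.0.0.0",
     "key_management": "Manual", "enc_algorithm": "NULL"},
]
```

Calling `lint_rules(SAMPLE)` returns a dictionary mapping each rule name to its list of findings; an empty list means the rule satisfies every check.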

 
