Chapter 8 Security

This screen contains the following fields:

Table 60 IPSec VPN: Add

| LABEL | DESCRIPTION |
| --- | --- |
| Property | |
| Enable | Select Enable to activate this VPN policy. |
| Connection Name | Enter the name of the VPN connection. |
| Connection Type | Select the scenario that best describes your intended VPN connection. |
| | • Initiator - Choose this to connect to an IPSec server. The WiMAX Device is the client (dial-in user) and can initiate the VPN connection. |
| | • On Demand - Choose this if the remote IPSec router has a static IP address or a domain name. This WiMAX Device can initiate the VPN tunnel. |
| | • Responder - Choose this to allow incoming connections from IPSec VPN clients. The clients can have dynamic IP addresses and are also known as dial-in users. Only the clients can initiate the VPN tunnel. |
| Gateway Information | |
| Local Endpoint | |
| Interface | Select the interface for the VPN gateway. |
| IP Address | Enter the IP address of the WiMAX Device in the IKE SA. |
| Remote Endpoint | |
| IP Address | Enter the IP address of the remote IPSec router in the IKE SA. |
| Authentication Method | |
| Pre-Shared Key | Type your pre-shared key in this field. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. |
| | Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is the key itself. |
| Local ID Type | Select IP to identify the WiMAX Device by its IP address. |
| | Select Domain Name to identify this WiMAX Device by a domain name. |
| | Select E-mail to identify this WiMAX Device by an e-mail address. |
| Content | When you select IP in the Local ID Type field, type the IP address of your computer in the Content field. If you configure the Content field to 0.0.0.0 or leave it blank, the WiMAX Device automatically uses the Pre-Shared Key (refer to the Pre-Shared Key field description). |
| | It is recommended that you type an IP address other than 0.0.0.0 in the Content field or use the Domain Name or E-mail ID type in the following situations. |
| | • When there is a NAT router between the two IPSec routers. |
| | • When you want the remote IPSec router to be able to distinguish between VPN connection requests that come in from IPSec routers with dynamic WAN IP addresses. |
| | When you select Domain Name or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this WiMAX Device in the Local Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. |
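A pre-flight check for the Pre-Shared Key and Local ID Type / Content values described in the table above, as an added example that is not part of the original guide or the device firmware. The function names, the IPv4-only address check, rejecting lowercase hex digits, and treating any key that starts with "0x" as hexadecimal are assumptions.

```python
import ipaddress
import re

# The guide lists only "0-9" and "A-F"; rejecting lowercase is an assumption.
HEX_KEY = re.compile(r"[0-9A-F]{16,62}")

def check_psk(key):
    """Return (kind, raw_bits) for a pre-shared key, or raise ValueError."""
    if key.startswith("0x"):
        # Assumption: a leading "0x" always means hexadecimal.
        digits = key[2:]               # the prefix is not counted in the 16-62 range
        if not HEX_KEY.fullmatch(digits):
            raise ValueError("hex key needs 16 to 62 characters from 0-9, A-F after 0x")
        return "hex", len(digits) * 4  # 4 bits of key material per hex digit
    if not (8 <= len(key) <= 31) or not key.isascii():
        raise ValueError("ASCII key needs 8 to 31 ASCII characters")
    return "ascii", len(key) * 8       # raw length in bits, not an entropy estimate

def check_local_id(id_type, content, nat_or_dynamic_peer=False):
    """Return (stored_content, warnings) for the Local ID Type / Content pair."""
    warnings = []
    if id_type == "IP":
        content = content.strip()
        if content in ("", "0.0.0.0"):
            content = "0.0.0.0"        # blank and 0.0.0.0 are treated the same way
            if nat_or_dynamic_peer:
                warnings.append("set a specific IP, or use Domain Name or E-mail")
        else:
            ipaddress.IPv4Address(content)  # raises ValueError if malformed
    elif id_type in ("Domain Name", "E-mail"):
        if not content.isascii() or len(content) > 31:
            raise ValueError("ID content is limited to 31 ASCII characters")
        content = content.rstrip(" ")  # trailing spaces are truncated
    else:
        raise ValueError("unknown Local ID Type: " + id_type)
    return content, warnings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    print(check_psk("0x0123456789ABCDEF"))
    print(check_psk("correct horse 42"))
    print(check_local_id("IP", "", nat_or_dynamic_peer=True))
    print(check_local_id("E-mail", "vpn-site-a@example.com   "))
```

A 16-digit hexadecimal key, the minimum the field accepts, carries only 64 bits of key material, so the reported bit count is worth checking before a key is deployed.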

 

 


WiMAX Device Configuration User’s Guide