Chapter 12 IPSec VPN
Table 74 Security > IPSec VPN > IPSec Setting > IKE (continued)
LABEL | DESCRIPTION |
IP Subnetmask | When the remote IP address type is configured to Single Address, this field is not available. When the remote IP address type is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. |
Protocol | This field displays ESP and the (Encapsulation Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. |
Key Exchange Method | Select Auto(IKE) or Manual from the provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using Auto(IKE) key management. |
Authentication Method | Select negotiation. It is called another party before you can communicate with them over a secure connection. Select Certificates (X.509) to use a certificate for authentication. |
 | This field is available only when you select Authentication Method field. Type from 8 to 31 hexadecimal hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is the key itself. Both ends of the VPN tunnel must use the same will receive a "PYLD_MALFORMED" (payload malformed) packet if the same |
Certificates | This field is available only when you select Certificates in the Authentication Method field. Select the certificate you want to use from the can create, import and configure certificates in the Security > Certificates screens. |
NAT Traversal | Select Enable if you want to set up a VPN tunnel when there are NAT routers between the remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. |
Advanced IKE Settings | Click Show Advanced Settings to display and configure more detailed settings of your IKE key management. Otherwise, click Hide Advanced Settings. |
Enable Manual ID Type | Select this option to specify how to identify the remote IPSec router. |
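The key format described in the table can be checked before the value is typed into both routers. The following is an added example, not code from this guide or its vendor: it validates a key against the 8 to 31 and 16 to 62 character ranges and explains how the entries for the two ends differ. The table text around the 8 to 31 range is incomplete, so the example assumes that range applies to a key entered without the "0x" prefix; the function names are hypothetical.

```python
import hmac
import string

ASCII_RANGE = (8, 31)  # assumption: range for a key entered without "0x"
HEX_RANGE = (16, 62)   # hexadecimal digits; the "0x" prefix is not counted


def classify_psk(key):
    """Return (kind, problems) for one pre-shared key string."""
    problems = []
    if key.startswith("0x"):  # prefix exactly as written in the table
        digits = key[2:]
        kind, (lo, hi), length = "hex", HEX_RANGE, len(digits)
        if any(c not in string.hexdigits for c in digits):
            problems.append("non-hexadecimal character after 0x")
    else:
        kind, (lo, hi), length = "ascii", ASCII_RANGE, len(key)
        if not key.isascii() or not key.isprintable():
            problems.append("non-printable or non-ASCII character")
    if not lo <= length <= hi:
        problems.append(f"{kind} key length {length} outside {lo}-{hi}")
    return kind, problems


def compare_ends(local, remote):
    """Describe how the keys entered on the two tunnel ends relate."""
    # Constant-time comparison so the check itself leaks nothing about the key.
    if hmac.compare_digest(local.encode(), remote.encode()):
        return "match"
    if local.strip() == remote.strip():
        return "differ only by leading/trailing whitespace"
    if local.lower() == remote.lower():
        return "differ only by letter case"
    if classify_psk(local)[0] != classify_psk(remote)[0]:
        return "one end is hexadecimal (0x...), the other is not"
    return "different keys"


if __name__ == "__main__":
    # Constructed sample values; the first is the example key from the table.
    for sample in ("0x0123456789ABCDEF", "0x0123", "short"):
        print(sample, classify_psk(sample))
    print(compare_ends("0x0123456789ABCDEF", "0123456789ABCDEF"))
```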