Chapter 12 IPSec VPN

Table 74 Security > IPSec VPN > IPSec Setting > IKE (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| IP Subnetmask | When the remote IP address type is configured to Single Address, this field is not available. When the remote IP address type is configured to Subnet, enter a subnet mask on the network behind the remote IPSec router. |
| Protocol | This field displays ESP and the P-2812HNU-51c uses ESP (Encapsulating Security Payload) for VPN. The ESP protocol (RFC 2406) provides encryption as well as some of the services offered by AH. |
| Key Exchange Method | Select Auto(IKE) or Manual from the drop-down list box. Auto(IKE) provides more protection so it is generally recommended. Manual is a useful option for troubleshooting if you have problems using Auto(IKE) key management. |
| Authentication Method | Select Pre-Shared Key to use a pre-shared key for authentication. A pre-shared key identifies a communicating party during a phase 1 IKE negotiation. It is called "pre-shared" because you have to share it with another party before you can communicate with them over a secure connection. Select Certificates (X.509) to use a certificate for authentication. |
| Pre-Shared Key | This field is available only when you select Pre-Shared Key in the Authentication Method field. Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal ("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x" (zero x), which is not counted as part of the 16 to 62 character range for the key. For example, in "0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal and "0123456789ABCDEF" is the key itself. Both ends of the VPN tunnel must use the same pre-shared key. You will receive a "PYLD_MALFORMED" (payload malformed) packet if the same pre-shared key is not used on both ends. |
| Certificates | This field is available only when you select Certificates in the Authentication Method field. Select the certificate you want to use from the drop-down list box. You can create, import and configure certificates in the Security > Certificates screens. |
| NAT Traversal | Select Enable if you want to set up a VPN tunnel when there are NAT routers between the P-2812HNU-51c and remote IPSec router. The remote IPSec router must also enable NAT traversal, and the NAT routers have to forward UDP port 500 packets to the remote IPSec router behind the NAT router. Otherwise, select Disable. |
| Advanced IKE Settings | Click Show Advanced Settings to display and configure more detailed settings of your IKE key management. Otherwise, click Hide Advanced Settings. |
| Enable Manual ID Type | Select this option to specify how to identify the P-2812HNU-51c and remote IPSec router. |
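The Pre-Shared Key rules in the table above can be checked before a value is typed into both routers. The following is an added example, not code from this User's Guide or from the device; the names `parse_psk`, `same_key` and `PskError` are hypothetical, and the choices marked as assumptions in the comments go beyond what the table states.

```python
import hmac
import string

HEX_DIGITS = set(string.digits + "ABCDEF")    # the page lists "0-9", "A-F"
PRINTABLE = set(map(chr, range(0x20, 0x7F)))  # assumption: printable ASCII only


class PskError(ValueError):
    """The value does not fit the Pre-Shared Key field rules."""


def parse_psk(field):
    """Return (kind, key, bits) for a Pre-Shared Key field value.

    kind is "hex" or "ascii", key excludes any "0x" prefix, and bits is
    the key's size (not its entropy).
    """
    # Assumption: a value that starts with "0x" is always read as hex,
    # so an ASCII passphrase cannot begin with those two characters.
    if field.startswith("0x"):
        key = field[2:]                        # "0x" is not counted
        if not 16 <= len(key) <= 62:
            raise PskError(f"hex key has {len(key)} digits, need 16 to 62")
        bad = sorted(set(key) - HEX_DIGITS)
        if bad:
            raise PskError(f"not hexadecimal: {''.join(bad)}")
        return "hex", key, 4 * len(key)
    if not set(field) <= PRINTABLE:
        raise PskError("key contains non-printable or non-ASCII characters")
    if not 8 <= len(field) <= 31:
        raise PskError(f"ASCII key has {len(field)} characters, need 8 to 31")
    return "ascii", field, 8 * len(field)


def same_key(local, remote):
    """True if both tunnel ends hold the same valid key, as typed.

    ASCII keys are case-sensitive. Assumption: a hex key and its ASCII
    spelling are reported as different, since the page does not say
    whether the device treats them as equal.
    """
    kind_a, key_a, _ = parse_psk(local)
    kind_b, key_b, _ = parse_psk(remote)
    return kind_a == kind_b and hmac.compare_digest(key_a, key_b)


if __name__ == "__main__":
    # Constructed sample values, not keys from any real device.
    for value in ("0x0123456789ABCDEF", "Corr3ct-Horse", "0xdeadbeef"):
        try:
            print(value, "->", parse_psk(value))
        except PskError as err:
            print(value, "-> rejected:", err)
```

Note that the shortest hexadecimal key the field accepts, 16 digits, is only 64 bits of key material.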

 

 

 


P-2812HNU-51c User’s Guide