Chapter 12 IPSec VPN

Table 75 Security > IPSec VPN > IPSec Setting > Manual (continued)

| LABEL | DESCRIPTION |
|---|---|
| Local ID Type | Select IP to identify this P-2812HNU-51c by its IP address. Select DNS to identify this P-2812HNU-51c by a domain name. Select E-mail to identify this P-2812HNU-51c by an e-mail address. Select ASN1DN (Abstract Syntax Notation one - Distinguished Name) to identify the remote IPSec router by the subject field in a certificate. This is used only with certificate-based authentication. |
| Local ID Content | When you select IP in the Local ID Type field, type the IP address of your computer in the Local ID Content field. When you select DNS or E-mail in the Local ID Type field, type a domain name or e-mail address by which to identify this P-2812HNU-51c in the Local ID Content field. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. |
| Peer ID Type | Select IP to identify the remote IPSec router by its IP address. Select DNS to identify the remote IPSec router by a domain name. Select E-mail to identify the remote IPSec router by an e-mail address. Select ASN1DN (Abstract Syntax Notation one - Distinguished Name) to identify the remote IPSec router by the subject field in a certificate. This is used only with certificate-based authentication. |
| Content | The configuration of the peer content depends on the peer ID type. For IP, type the IP address of the computer with which you will make the VPN connection. For DNS or E-mail, type a domain name or e-mail address by which to identify the remote IPSec router. Use up to 31 ASCII characters including spaces, although trailing spaces are truncated. The domain name or e-mail address is for identification purposes only and can be any string. |
| Phase 1/Phase 2 | |
| Mode | Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. |
| Encryption Algorithm | Select DES, 3DES, AES-128, AES-192 or AES-256 from the drop-down list box. When you use one of these encryption algorithms for data communications, both the sending device and the receiving device must use the same secret key, which can be used to encrypt and decrypt the message or to generate and verify a message authentication code. The DES encryption algorithm uses a 56-bit key. Triple DES (3DES) is a variation on DES that uses a 168-bit key. As a result, 3DES is more secure than DES. It also requires more processing power, resulting in increased latency and decreased throughput. This implementation of AES uses a 128-bit, 192-bit or 256-bit key. AES is faster than 3DES. |
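The following is an added example, not part of the user's guide: a pre-deployment check that applies the rules in this table (ID content format, matching negotiation mode and encryption algorithm, DES key size) to the settings of both ends of a tunnel. The dictionary keys, the sample values, the point at which the 31-character limit is applied, and the rule that each end's local ID must equal the other end's peer ID are assumptions; ASN1DN is not handled.

```python
import ipaddress

MAX_ID_LEN = 31  # "Use up to 31 ASCII characters including spaces"
KEY_BITS = {"DES": 56, "3DES": 168, "AES-128": 128, "AES-192": 192, "AES-256": 256}

def normalize_id(id_type, content):
    """Return the ID content as it would be compared, or raise ValueError."""
    if id_type == "IP":
        return str(ipaddress.ip_address(content.strip()))
    if id_type in ("DNS", "E-mail"):
        value = content.rstrip(" ")  # trailing spaces are truncated
        # Assumption: the 31-character limit applies after truncation.
        if not value.isascii() or len(value) > MAX_ID_LEN:
            raise ValueError(f"{id_type} ID must be at most {MAX_ID_LEN} ASCII characters")
        return value
    raise ValueError(f"ID type not handled in this example: {id_type}")

def audit_tunnel(a, b):
    """Compare both ends' settings; an empty list means no finding."""
    findings = []
    for name, side, other in (("A", a, b), ("B", b, a)):
        local = (side["local_id_type"], normalize_id(side["local_id_type"], side["local_id"]))
        peer = (other["peer_id_type"], normalize_id(other["peer_id_type"], other["peer_id"]))
        if local != peer:  # assumption: each end's local ID must equal the other's peer ID
            findings.append(f"{name}: local ID {local} != other end's peer ID {peer}")
        if side["encryption"] not in KEY_BITS:
            findings.append(f"{name}: unknown encryption algorithm {side['encryption']}")
        elif side["encryption"] == "DES":
            findings.append(f"{name}: DES uses only a {KEY_BITS['DES']}-bit key")
    if a["mode"] != b["mode"]:
        findings.append(f"negotiation mode differs: {a['mode']} vs {b['mode']}")
    if a["encryption"] != b["encryption"]:
        findings.append(f"encryption differs: {a['encryption']} vs {b['encryption']}")
    return findings

# Constructed sample settings for two gateways (not from the guide).
SITE_A = {"local_id_type": "DNS", "local_id": "branch.example  ",
          "peer_id_type": "E-mail", "peer_id": "hq@example.com",
          "mode": "Main", "encryption": "AES-128"}
SITE_B = {"local_id_type": "E-mail", "local_id": "hq@example.com",
          "peer_id_type": "DNS", "peer_id": "branch.example",
          "mode": "Aggressive", "encryption": "DES"}

if __name__ == "__main__":
    for finding in audit_tunnel(SITE_A, SITE_B):
        print(finding)
```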

 

 

 


P-2812HNU-51c User’s Guide