Table of Contents
Advertisement
Server IP Address or
FQDN
Backup Server IP
Address or FQDN
IKE Security Descriptor
E-DOC-CTC-20051017-0169 v0.1
Fill out the publicly known network location of the remote Gateway. You can specify
the public IP address, if it is invariable and known. More often, the publicly known
FQDN (such as vpn.corporate.com) will be used.
When you specify an IP address, the SpeedTouch™ expects the VPN server
!
to use an IP address as identifier during the IKE negotiations. When an
FQDN is specified, the SpeedTouch™ expects the VPN server to use an
FQDN as well. If you encounter problems during the IKE negotiations, a
possible cause may be that different identity types are used by client and
server. You can check this via the VPN > Debug > Logging page.
This field can optionally be filled out in a configuration with a backup VPN server. If
no backup VPN server is available, you leave this field open.
The IKE Security Descriptor bundles the security parameters used for the IKE
Security Association (Phase1).
A number of IKE Security Descriptors are pre-configured in the SpeedTouch™, and
can be selected from a list. Select a Security Descriptor in compliance with the IKE
security parameters configured in the remote VPN server.
For example, the pre-configured IKE Security Descriptor AES_MD5, used in various
examples throughout this document, contains the following settings:
Parameter
Cryptographic function
Hash function
Diffie-Hellman group
IKE SA lifetime in seconds.
The contents of the IKE Security Descriptors can be verified via
Advanced > Peers > Security Descriptors.
It is recommended to use AES as preferred encryption method. AES is more
advanced, compared to DES or 3DES. It is faster for comparable key
lengths, and provides better security.
Configuration via Local Pages
Value for
AES_MD5
AES
HMAC-MD5
MODP768 (= group 1)
3600 seconds (= 1 hour)
Chapter 3
53
Advertisement
Table of Contents
