Configuring The Vpn Router As A User Tunnel - Nortel NN46110-602 Troubleshooting Manual

Nortel vpn router troubleshooting

Appendix D Configuring for interoperability

then select a default server certificate from the list. You configure servers from the System > Certificates window.

7 Select Profiles > Branch Office, click Edit, scroll down to the IPsec section and click Configure. The Branch Office window appears.
8 Select the encryption type supported by your third-party client.
9 Select Enable or Disable for the VendorID.
10 Set Perfect Forward Secrecy (PFS) to match the client side.
11 In the Rekey Time-out section, enter the amount of time you want to limit the lifetime of a single key used to encrypt data. The default is 08:00:00 (8 hours).
12 In the Rekey Data Count section, you can choose to set a rekey data count depending on how much data you expect to transmit through the tunnel with a single key. The default is 0 KB; a setting of 0 disables this count.

Configuring the VPN Router as a user tunnel

If you have third-party client software that supports Aggressive mode IPsec, you can configure the VPN Router as a user tunnel. You must use either the LDAP database or certificate authentication. The VPN Router supports both preshared key and RSA digital signature authentication methods, and you must specify one of these methods.

Nortel recommends enabling split tunnels for all groups that support third-party clients. If you disable split tunneling, third-party clients can connect only if you configure the group to allow undefined networks. This means that the client can establish IPsec security associations for all networks. If you do not enable split tunneling, you must enable the Allow undefined networks option.

Figure 13 shows a network with a split tunneling environment.
