Siemens RX1500 User Manual page 655

Ruggedcom rox ii series

RUGGEDCOM ROX II
User Guide
Chapter 5, Setup and Configuration
Adding a Connection

Parameter: Authenticate By
Synopsis: default, rsasig, secret
Default: default
Description: The authentication method. The default value is 'default' unless overwritten by the default connection setting.

Parameter: Connection Type
Synopsis: tunnel, transport, passthrough, default
Default: default
Description: The connection type/mode. Options include:
• tunnel: Encrypts traffic on host-to-host, host-to-subnet or subnet-to-subnet tunnels. This is the default type/mode unless overwritten by the default connection setting.
• transport: Encrypts traffic on a host-to-host tunnel.
• passthrough: Traffic is not encrypted.

Parameter: address-family
Synopsis: ipv4, ipv6
Default: ipv4
Description: The address-family to run for the connection. Accepted values include 'ipv4' (default) and 'ipv6'. All addresses used in the connection must have the same address family.

Parameter: Perfect Forward Secrecy
Synopsis: default, yes, no
Default: default
Description: Enables/disables Perfect Forward Secrecy (PFS). When enabled, IPsec negotiates new keys for each session. If an attacker compromises a key, only the session protected by the key is revealed. Not all clients support PFS. The default value is 'yes' unless overwritten by the default connection setting.

Parameter: SA Lifetime
Synopsis: default,
Default: default
Description: The lifetime in seconds for the Security Association (SA) key. This determines how long a particular instance of a connection should last, from successful negotiation to expiry. Normally, the connection is renegotiated before it expires. The default value is 28800 unless overwritten by the default connection setting. Peers can specify different lifetime intervals. However, if peers do not agree, an excess of superseded connections will occur on the peer that believes the SA lifetime is longer.

Parameter: IKE Lifetime
Synopsis: default,
Default: default
Description: The lifetime in seconds for the IKE protocol. This determines how long the IKE keying channel of a connection should last before being renegotiated. The default value is 3600 unless overwritten by the default connection setting. Peers can specify different lifetime intervals. However, if peers do not agree, an excess of superseded connections will occur on the peer that believes the IKE lifetime is longer.

Parameter: L2TP
Description: Enables/disables L2TP for this connection.

Parameter: Monitor Interface
Description: The interface to monitor. If the selected interface goes down and then up, this connection will be restarted.

6. If required, enable and configure dead peer detection. For more information, refer to Section 5.28.6.3, "Configuring Dead Peer Detection".
7. If required, configure the Internet Key Exchange (IKE) protocol by adding one or more algorithms. For more information, refer to Section 5.28.7.2, "Adding an IKE Algorithm".
8. If required, configure Encapsulated Security Payload (ESP) encryption for the connection. For more information, refer to Section 5.28.8, "Managing the Encapsulated Security Payload (ESP) Protocol".
9. If required, configure the left (local router) and right (remote router) ends of the connection. For more information, refer to Section 5.28.9, "Configuring the Connection Ends".
10. If required, configure L2TP tunnels. For more information, refer to Section 5.29.2, "Configuring L2TP Tunnels".
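
The 'default' fallbacks and the lifetime caveat from the parameter descriptions, as an added example (not from the Siemens manual or ROX II itself): a Python check that resolves 'default' through the default connection and the documented fallback values, then flags passthrough, disabled PFS, mixed address families and mismatched lifetimes. The dictionary keys and the sample settings are assumptions made for illustration, not ROX II CLI syntax.

```python
import ipaddress

# Fallback values as documented in the parameter descriptions.
# Key names are hypothetical, chosen for this example only.
BUILTIN = {"type": "tunnel", "pfs": "yes", "sa_lifetime": 28800,
           "ike_lifetime": 3600, "address_family": "ipv4"}

def resolve(conn, default_conn=None):
    """Resolve 'default'/missing values: default connection first, then fallback."""
    default_conn = default_conn or {}
    out = dict(conn)
    for key, builtin in BUILTIN.items():
        value = conn.get(key, "default")
        if value == "default":
            value = default_conn.get(key, "default")
        out[key] = builtin if value == "default" else value
    return out

def audit(name, conn):
    """Findings for one resolved connection."""
    findings = []
    if conn["type"] == "passthrough":
        findings.append(f"{name}: passthrough, traffic is not encrypted")
    if conn["pfs"] == "no":
        findings.append(f"{name}: PFS disabled")
    want = 4 if conn["address_family"] == "ipv4" else 6
    for addr in conn.get("addresses", []):
        if ipaddress.ip_interface(addr).version != want:
            findings.append(f"{name}: {addr} is not {conn['address_family']}")
    return findings

def lifetime_mismatch(local, remote):
    """Report which peer holds the longer lifetime and so keeps superseded connections."""
    findings = []
    for key in ("sa_lifetime", "ike_lifetime"):
        if local[key] != remote[key]:
            longer = "local" if local[key] > remote[key] else "remote"
            findings.append(f"{key}: {local[key]} vs {remote[key]}, "
                            f"superseded connections build up on the {longer} peer")
    return findings

# Constructed sample settings (documentation address ranges).
DEFAULT_CONN = {"pfs": "no"}
LOCAL = resolve({"type": "default", "pfs": "default", "sa_lifetime": "default",
                 "addresses": ["192.0.2.1", "2001:db8::1/64"]}, DEFAULT_CONN)
REMOTE = resolve({"sa_lifetime": 3600, "ike_lifetime": 3600,
                  "addresses": ["198.51.100.1"]})

if __name__ == "__main__":
    for line in audit("local", LOCAL) + audit("remote", REMOTE) + lifetime_mismatch(LOCAL, REMOTE):
        print(line)
```
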


This manual is also suitable for: Rx1501, Rx1510, Rx1511, Rx1512
