Nortel BCM 3.7 Manual page 790

IPSec
Table 239 IPSec Remote User Account settings (Continued)
Attribute
Description
PFS Enabled
Allows you to enable Perfect Forward Secrecy (PFS).
With PFS, keys are not derived from previous keys. This ensures that one key being
compromised cannot result in the compromise of subsequent keys.
You can choose Yes or No.
The default setting is Yes.
Create Firewall Rules for Interface
Allows you to choose which interface to generate Firewall Filter rules for. These rules are
necessary to allow packets for this Remote User tunnel through the firewall.
The default value is None, which means that no rules are generated.
Idle Timeout
Allows you to specify the amount of time the tunnel can remain idle before the tunnel is closed.
You cannot set the Idle Timeout setting to less than three minutes, except to disable the
timeout by entering 00:00:00.
Enter a value from 00:03:00 to 23:59:59. The default setting is 00:15:00.
A setting of 00:00:00 disables the Idle Timeout setting.
Highest Encryption
Allows you to select the highest encryption level allowed on this IPSec tunnel.
When the encryption level is negotiated for this tunnel, Business Communications Manager
will not use any encryption level higher than the encryption level specified in this field.
For a description of the encryption levels, refer to "Encryption" on page 766.
Rekey Timeout
Allows you to specify the amount of time you can use a key before the tunnel is re-negotiated.
Limit the lifetime of a single key used to encrypt data; otherwise you compromise
the effectiveness of that session key. Use the Rekey Timeout setting to control how often
new session keys are exchanged between servers. You cannot set the Rekey Timeout setting
to less than three minutes, except to disable the timeout by entering 00:00:00.
Enter a value from 00:03:00 to 23:59:59. The default setting is 08:00:00.
A setting of 00:00:00 disables the Rekey Timeout setting.
Rekey Data Count
Allows you to specify the amount of data you can transmit on the tunnel before the tunnel is
re-negotiated.
Enter a value from 0 to 1000000 Kbytes.
A setting of 0 disables the Rekey Data Count.
Note: If you set the Rekey Data Count too low, the tunnel is re-negotiated too often and
consumes extra system resources.
Split Tunneling Enabled
Allows you to select whether the remote computer is allowed to use Split Tunneling.
You can choose Yes or No.
The default setting is No.
Note: The Split Tunneling Enabled drop list is not available when you are adding a Remote
User account. This drop list appears when you are configuring a Remote User Account.
Domain Name
Allows you to specify the Domain Name of the Domain in which the remote computer resides.
Keep-Alive Enabled
Allows for quicker detection of lost connectivity.
You can select Yes or No.
The default setting is No.
Note: Leave this setting at the default value of No for IPSec tunnel connections to systems
other than Business Communications Manager or Contivity.
6. Click the Save button.
N0008589 3.3
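The ranges and defaults in Table 239 can be checked mechanically when reviewing transcribed Remote User Account settings. The following is an added example, not part of the Nortel manual: the dictionary layout, function names and sample accounts are assumptions; only the attribute names, limits and defaults come from the table.

```python
import re

# Limits from Table 239; the dict layout and all names below are assumptions.
MIN_TIMEOUT, MAX_TIMEOUT = 3 * 60, 23 * 3600 + 59 * 60 + 59  # 00:03:00 .. 23:59:59
MAX_REKEY_KBYTES = 1_000_000
# Constructed sample accounts (not taken from a real system).
SAMPLE_DEFAULTS = {"PFS Enabled": "Yes", "Idle Timeout": "00:15:00", "Rekey Timeout": "08:00:00",
                   "Rekey Data Count": 0, "Split Tunneling Enabled": "No"}
SAMPLE_WEAK = {"PFS Enabled": "No", "Idle Timeout": "00:00:00", "Rekey Timeout": "00:00:00",
               "Rekey Data Count": 0, "Split Tunneling Enabled": "Yes"}


def to_seconds(value):
    """Parse HH:MM:SS into seconds; return None if the text is malformed."""
    m = re.fullmatch(r"(\d{2}):([0-5]\d):([0-5]\d)", value)
    if m is None:
        return None
    h, mi, s = (int(g) for g in m.groups())
    return h * 3600 + mi * 60 + s


def check_timeout(name, value, findings):
    """Return seconds (0 means disabled), or None if the table would reject the value."""
    secs = to_seconds(value)
    if secs is None or (secs != 0 and not MIN_TIMEOUT <= secs <= MAX_TIMEOUT):
        findings.append(("invalid", f"{name}: {value!r} is not 00:00:00 or 00:03:00-23:59:59"))
        return None
    return secs


def audit_account(cfg):
    """Return (severity, message) findings for one Remote User Account."""
    findings = []
    idle = check_timeout("Idle Timeout", cfg["Idle Timeout"], findings)
    rekey = check_timeout("Rekey Timeout", cfg["Rekey Timeout"], findings)
    count = cfg["Rekey Data Count"]
    if not 0 <= count <= MAX_REKEY_KBYTES:
        findings.append(("invalid", f"Rekey Data Count: {count} is outside 0-1000000 Kbytes"))
        count = None
    if cfg["PFS Enabled"] != "Yes":
        findings.append(("warn", "PFS Enabled is No: a compromised key is not isolated from later keys"))
    if rekey == 0 and count == 0:
        findings.append(("warn", "Rekey Timeout and Rekey Data Count both disabled: nothing triggers re-negotiation"))
    if idle == 0:
        findings.append(("warn", "Idle Timeout disabled: an idle tunnel is never closed"))
    if cfg["Split Tunneling Enabled"] != "No":
        findings.append(("warn", "Split Tunneling Enabled differs from the default of No"))
    return findings
```

`audit_account(SAMPLE_DEFAULTS)` returns an empty list, while `audit_account(SAMPLE_WEAK)` returns four warnings.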
