Cisco Linksys WAG54GX2 User Manual page 54

Wireless-G ADSL Gateway with SRX200
Advanced VPN Tunnel Setup
Click the Advanced Settings button, and the Advanced VPN Tunnel Setup screen will appear.
These advanced IPSec settings are for advanced users.
Phase 1
Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2
is used to create one or more IPSec SAs, which are then used to key IPSec sessions.
Operation Mode. There are two modes, Main and Aggressive, which exchange the same IKE payloads in
different sequences. Main mode is more common; however, some people prefer Aggressive mode because it is
faster. Main mode is for normal usage and includes more authentication requirements than Aggressive mode.
Main mode is recommended because it is more secure. No matter which mode is selected, the VPN Router will
accept both Main and Aggressive requests from the remote VPN device, so selecting Main here does not
prevent an Aggressive mode negotiation started by the remote device.
Figure 6-32: Advanced VPN Tunnel Setup
Local Identity. Select the Local IP address or Name radio button. If you select Local IP address, then the
Gateway's Internet IP address will be used. If you select Name, enter the Fully Qualified Domain Name (FQDN) of
the Gateway in the field provided, so its current IP address can be located via DDNS.
Remote Identity. Select the Remote IP address or Name radio button. If you select Remote IP address, then the
Internet IP address of the remote VPN device will be used. If you select Name, enter the Fully Qualified Domain
Name (FQDN) of the remote VPN device in the field provided, so a current IP address can be located via DDNS.
Encryption. This is the method used to encrypt and decrypt ESP packets. 3DES (168-bit) encryption is
automatically selected.
Authentication. Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA1.
SHA1 is recommended because it is more secure.
Group. There are three Diffie-Hellman Groups to choose from: 768-bit, 1024-bit, and 1536-bit. Diffie-Hellman
is a key-exchange technique in which each endpoint uses a public and private key pair to agree on a shared
secret, from which the keys for encryption and decryption are derived.
Key Life Time. In the Key Lifetime field, you can optionally have the key expire at the end of a time
period of your choosing. Enter the number of seconds you'd like the key to be used until a re-key negotiation
between each endpoint is completed.
Phase 2
Encryption. The encryption method selected in Phase 1 will be displayed.
Authentication. The authentication method selected in Phase 1 will be displayed.
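Added example, not taken from the Linksys manual: a short Python check of the settings on this screen that flags the choices the manual itself advises against and builds the matching Phase 1 and Phase 2 proposal strings for the remote VPN device. The function name, result fields and the strongSwan-style proposal notation (for example 3des-sha1-modp1536) are assumptions; the Diffie-Hellman group numbers 1, 2 and 5 are the standard IKE identifiers for the 768-bit, 1024-bit and 1536-bit groups.

```python
# Added example; names below are hypothetical, not part of the gateway's firmware.
# Screen choice -> (standard IKE group number, strongSwan-style keyword)
DH_GROUPS = {768: (1, "modp768"), 1024: (2, "modp1024"), 1536: (5, "modp1536")}
AUTH = {"MD5": "md5", "SHA1": "sha1"}
MODES = ("Main", "Aggressive")


def audit_tunnel(mode, auth, dh_bits, key_lifetime):
    """Validate one tunnel's Advanced settings and report weaker choices."""
    if mode not in MODES:
        raise ValueError(f"unknown Operation Mode: {mode!r}")
    if auth not in AUTH:
        raise ValueError(f"unknown Authentication: {auth!r}")
    if dh_bits not in DH_GROUPS:
        raise ValueError(f"Group must be one of {sorted(DH_GROUPS)} bits")
    if isinstance(key_lifetime, bool) or not isinstance(key_lifetime, int) or key_lifetime <= 0:
        raise ValueError("Key Life Time must be a positive number of seconds")

    findings = []
    if mode == "Aggressive":
        findings.append("WARN Operation Mode: Aggressive; the manual recommends Main")
    if auth == "MD5":
        findings.append("WARN Authentication: MD5; the manual recommends SHA1")
    if dh_bits < max(DH_GROUPS):
        findings.append(f"WARN Group: {dh_bits}-bit; 1536-bit is the largest offered")
    # The gateway answers Main and Aggressive requests whatever is selected here,
    # so the mode actually used also depends on how the remote device initiates.
    findings.append("INFO Gateway accepts Aggressive requests; set the remote device to Main")

    group_number, group_kw = DH_GROUPS[dh_bits]
    return {
        "findings": findings,
        "dh_group": group_number,
        # Encryption is fixed at 3DES; Phase 2 reuses the Phase 1 methods.
        "ike": f"3des-{AUTH[auth]}-{group_kw}",
        "esp": f"3des-{AUTH[auth]}",
        "key_lifetime": key_lifetime,
    }


if __name__ == "__main__":
    # Constructed sample settings: the weakest and strongest combinations on the screen
    for cfg in [("Aggressive", "MD5", 768, 3600), ("Main", "SHA1", 1536, 3600)]:
        result = audit_tunnel(*cfg)
        print(cfg, "->", result["ike"], "/", result["esp"])
        for line in result["findings"]:
            print("   ", line)
```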
Chapter 6: Configuring the Wireless-G ADSL Gateway with SRX200
47
The Security Tab
