Planet WNAP-7350 User Manual page 64

802.11a/n wireless outdoor ap

Connection address family: For an IPSec connection, all host addresses must be of the same Address Family (IPv4 and IPv6 use different Address Families).

IPSec Operation Mode: Select the IPSec Operation mode from the drop-down list.

IPSec Connection Type: This field allows you to set the connection type to any of the following:

- Tunnel: Select Tunnel to specify a Host to Host, Host to Subnet (Road Warrior), or Subnet to Subnet Tunnel. This is by far the most common connection type.

- Transport: Select Transport to specify a Host to Host Transport mode tunnel. This connection type is much less common, and would generally only be used if you are attempting to establish an IPSec connection to another host which specifically requires this mode.

- Passthrough: Select Passthrough to disable IPSec processing on packets associated with the tunnel. We can't imagine a scenario where you would use this connection type. I mean seriously, if you don't allow IPSec to process the packets then you don't really have a tunnel, right? Still, the underlying protocol supports this mode, and so here we are.

- Drop: Select Drop to cause the kernel to drop IPSec packets associated with the tunnel.

- Reject: Select Reject to cause the kernel to reject IPSec packets associated with the tunnel.

PFS | DH Group: Perfect Forward Secrecy (PFS) ensures that a given IPSec SA key was not derived from any other secret, such as another key. In other words, if someone breaks a key, PFS ensures that the attacker is not able to derive any other key. If PFS is not enabled, someone can potentially break the IKE SA secret key, copy all the IPSec protected data, and then use knowledge of the IKE SA secret in order to compromise the IPSec SAs set up by this IKE SA. With PFS, breaking IKE does not give an attacker immediate access to IPSec. The attacker needs to break each IPSec SA individually.

The Diffie-Hellman (DH) key exchange protocol allows two parties without any initial shared secret to create one securely. The following Modular Exponential (MODP) and Elliptic Curve (EC2N) Diffie-Hellman (also known as "Oakley") Groups are supported:
Diffie-Hellman Group    Name                  Reference
Group 1                 768 bit MODP group    RFC 2409
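The following is an added example, not part of the WNAP-7350 manual and not the device's own code. It performs a Diffie-Hellman exchange over the Oakley Group 1 768-bit MODP group listed above (the prime and generator g = 2 are taken from RFC 2409 section 6.1), and then models the PFS point made in the text: without PFS every IPSec SA key is a function of the IKE SA secret alone, while with PFS each SA also depends on a fresh DH secret that is never transmitted. The HMAC-based child-key derivation (`prf`, `child_key_no_pfs`, `child_key_pfs`) is a simplified stand-in for IKE's real key schedule, chosen only to show the dependency structure, and the Miller-Rabin check is there so a reader can confirm the group prime before relying on it.

```python
"""
Added example (not from the WNAP-7350 manual): Diffie-Hellman over the Oakley
"Group 1" 768-bit MODP group, plus a small model of why PFS matters for IPSec
SA keys. The child-key derivation is a simplified stand-in for IKE's real key
schedule and is used only to show what each key depends on.
"""
import hashlib
import hmac
import secrets

# Oakley Group 1 prime (RFC 2409, section 6.1: 768-bit MODP group); generator is 2.
GROUP1_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
GROUP1_G = 2
GROUP1_BYTES = (GROUP1_P.bit_length() + 7) // 8   # 96 bytes


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin probable-prime test, enough to sanity-check a group prime."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def dh_keypair(p: int = GROUP1_P, g: int = GROUP1_G):
    """Return (private exponent x, public value g^x mod p) for one party."""
    x = secrets.randbelow(p - 2) + 1              # private exponent in [1, p-2]
    return x, pow(g, x, p)


def dh_shared(priv: int, peer_pub: int, p: int = GROUP1_P) -> int:
    """Compute the shared secret; reject degenerate peer values (0, 1, p-1)
    that would force the result into a tiny subgroup."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, p)


def prf(key: bytes, data: bytes) -> bytes:
    # Simplified PRF (stand-in for IKE's PRF+): HMAC-SHA256.
    return hmac.new(key, data, hashlib.sha256).digest()


def child_key_no_pfs(ike_secret: bytes, spi: int) -> bytes:
    """Without PFS, every IPSec SA key is a function of the IKE SA secret alone."""
    return prf(ike_secret, b"child-sa" + spi.to_bytes(4, "big"))


def child_key_pfs(ike_secret: bytes, fresh_dh_secret: int, spi: int) -> bytes:
    """With PFS, a fresh DH secret (g^xy for this SA only) is mixed in, so the
    IKE SA secret by itself no longer determines the IPSec SA key."""
    g_xy = fresh_dh_secret.to_bytes(GROUP1_BYTES, "big")
    return prf(prf(ike_secret, g_xy), b"child-sa" + spi.to_bytes(4, "big"))


def demo(spi: int = 0x1000) -> dict:
    # Phase 1: both peers exchange public values and agree on the IKE SA secret.
    x_a, pub_a = dh_keypair()
    x_b, pub_b = dh_keypair()
    s_a, s_b = dh_shared(x_a, pub_b), dh_shared(x_b, pub_a)
    ike_secret = hashlib.sha256(s_a.to_bytes(GROUP1_BYTES, "big")).digest()

    # Phase 2 with PFS: a second, independent exchange just for this IPSec SA.
    y_a, pub2_a = dh_keypair()
    y_b, pub2_b = dh_keypair()
    k_pfs_a = child_key_pfs(ike_secret, dh_shared(y_a, pub2_b), spi)
    k_pfs_b = child_key_pfs(ike_secret, dh_shared(y_b, pub2_a), spi)

    # Model of "someone who learned the IKE SA secret": ike_secret alone
    # reproduces the no-PFS key exactly, but any value other than the true
    # ephemeral g^xy (never sent, discarded after use) gives a different PFS key.
    some_other_value = dh_keypair()[1]
    return {
        "dh_agrees": s_a == s_b,
        "pfs_keys_agree": k_pfs_a == k_pfs_b,
        "no_pfs_key_fixed_by_ike_secret":
            child_key_no_pfs(ike_secret, spi) == child_key_no_pfs(ike_secret, spi),
        "pfs_key_fixed_by_ike_secret":
            child_key_pfs(ike_secret, some_other_value, spi) == k_pfs_a,
    }


if __name__ == "__main__":
    print("Group 1 prime is probably prime:", is_probable_prime(GROUP1_P))
    print(demo())
```

Running the block prints the prime check and a dictionary in which `dh_agrees` and `pfs_keys_agree` are true, `no_pfs_key_fixed_by_ike_secret` is true (the whole point of the "copy the traffic, break IKE later" concern in the text), and `pfs_key_fixed_by_ike_secret` is false. Group 1 is shown here because it is the entry in the table; at 768 bits it is far below current recommendations, and the same code accepts a larger MODP prime through the `p` parameter.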