Motorola 2200 Administrator's Handbook page 152

Administrator's Handbook
Local ID Mask
Remote ID Type
Remote ID
Address/Value
Remote ID Mask
Pre-Shared Key
Type
Pre-Shared Key
DH Group
PFS Enable
SA Encrypt Type
SA Hash Type
Invalid SPI
Recovery
Soft MBytes
Soft Seconds
Hard MBytes
Hard Seconds
152
Table 3: IPSec Tunnel Details page parameters
If Aggressive mode is selected as the Negotiation Method, and Subnet as
the Local ID Type, this field appears. This is the local (Gateway-side) sub-
net mask.
If Aggressive mode is selected as the Negotiation Method, this option
appears. Selection options are: IP Address, Subnet, Hostname, ASCII.
If Aggressive mode is selected as the Negotiation Method, this field
appears. This is the remote (central-office-side) IP address (or Name Value,
if Subnet or Hostname are selected as the Local ID Type).
If Aggressive mode is selected as the Negotiation Method, and Subnet as
the Remote ID Type, this field appears. This is the remote (central-office-
side) subnet mask.
The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour sup-
ports ASCII or HEX types
The Pre-Shared Key is a parameter used for authenticating each side. The
value can be ASCII or Hex and a maximum of 64 characters. ASCII is case-
sensitive.
Diffie-Hellman is a public key algorithm used between two systems to
determine and deliver secret keys used for encryption. Groups 1, 2 and 5
are supported.
Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS
is selected, a Diffie-Hellman key exchange is required. If enabled, the PFS
DH group follows the IKE phase 1 DH group.
SA Encryption Type refers to the symmetric encryption type. This encryp-
tion algorithm will be used to encrypt each data packet. SA Encryption
Type values supported include DES and 3DES.
SA Hash Type refers to the Authentication Hash algorithm used during SA
negotiation. Values supported include MD5 and SHA1. N/A will display if
NONE is chosen for Auth Protocol.
Enabling this allows the Gateway to re-establish the tunnel if either the
Motorola Netopia® Gateway or the peer gateway is rebooted.
Setting the Soft MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft MByte value. The value
can be configured between 1 and 1,000,000 MB and refers to data traffic
passed. If this value is not achieved, the Hard MBytes parameter is
enforced. This parameter does not need to match the peer gateway.
Setting the Soft Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft Seconds value. The
value can be configured between 60 and 1,000,000 seconds. This param-
eter does not need to match the peer gateway.
Setting the Hard MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard MByte value.
The value can be configured between 1 and 1,000,000 MB and refers to
data traffic passed. This parameter does not need to match the peer gate-
way.
Setting the Hard Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard Seconds value. The
value can be configured between 60 and 1,000,000 seconds This parame-
ter does not need to match the peer gateway.