Table of Contents
Advertisement
Remote IP Address
The IP address of the remote endpoint of the tunnel
Remote Subnets
Choose none if encrypted packets are only destined for the Remote IP Address.
Use an IP address / mask if encrypted packets are also destined for the specified network that is beyond the
Remote IP Address. IMPORTANT: The Remote Subnet and Local Subnet addresses must not overlap!
Local Interface
Local interface this tunnel applies to. Fusion allows to setup specific tunnels per interface. This specifies the
physical interface (typically a WAN interface) that will be used as the "left" IPSEC endpoint
Local Subnet
Choose None if only packets generated by Fusion LTE services will be sent over the tunnel.
Choose one of the Fusion interfaces (typically a LAN interface) to protect that specific local subnet.
Use an IP address / mask if a network beyond the local LAN will be sending packets over the tunnel. IMPORTANT:
The Remote Subnet and Local Subnet addresses must not overlap!
Phase 1 Encryption
Use AES-128, AES-256 or 3DES encryption.
Phase 1 Authentication
Use MD5 or SHA1 hashing.
Phase 1 DH Group
Negotiate (Auto) or use 768 (Group 1), 1024 (Group 2), 1536 (Group 5) or 2048 (Group 14) bit keys.
Phase 1 Key Lifetime
How long the keying channel of a connection should last before being renegotiated.
Phase 2 Encryption
Use AES-128, AES-256 or 3DES encryption.
Phase 2 Authentication
Use MD5 or SHA1 hashing.
Phase 2 Lifetime
How long a particular instance of a connection should last, from successful negotiation to expiry.
Pre-shared Key
Predetermined key known to both the local unit and the remote side prior to establishing the tunnel
Perfect Forward Secrecy
Enable Perfect Forward Secrecy for the session keys.
56
Advertisement
Table of Contents
