Motorola WiNG 5 System Reference Manual page 167

IP Firewall Rules
IPSec Transform Set
Mode
Local End Point
Perfect Forward
Secrecy (PFS)
Lifetime (kB)
Lifetime (seconds)
Protocol
Remote VPN Type
Manual Peer IP
27. Select OK to save the updates made to the Crypto Map Entry screen. Selecting
saved setting.
28. Select Remote VPN Server.
Use this screen to define the server resources used to secure (authenticate) a remote VPN connection with a target
peer.
Use the drop-down menu to select the access list (ACL) used to protect IPSec
VPN traffic. New access/deny rules can be defined for the crypto map by
selecting the Create icon, or an existing set of firewall rules can be modified
by selecting the Edit icon.
Select the transform set (encryption and hash algorithms) to apply to this
crypto map configuration.
Use the drop-down menu to define which mode (pull or push) is used to
assign a virtual IP. This setting is relevant for IKEv1 only, since IKEv2 always
uses the configuration payload in pull mode. The default setting is push.
Select this radio button to define an IP address as a local tunnel end point
address. This setting represents an alternative to an interface IP address.
PFS is key-establishment protocol, used to secure VPN communications. If
one encryption key is compromised, only data encrypted by that specific key
is compromised. For PFS to exist, the key used to protect data transmissions
must not be used to derive any additional keys. Options include None, 2, 5
and 14. The default setting is None.
Select this option to define a connection volume lifetime (in kilobytes) for the
duration of an IPSec VPN security association. Once the set volume is
exceeded, the association is timed out. Use the spinner control to set the
volume from 500 - 2,147,483,646 kilobytes.
Select this option to define a lifetime (in seconds) for the duration of an IPSec
VPN security association. Once the set value is exceeded, the association is
timed out. The available range is from 120 - 86,400 seconds. The default
setting is 120 seconds.
Select the security protocol used with the VPN IPSec tunnel connection. SAs
are unidirectional, existing in each direction and established per security
protocol. Options include ESP and AH. The default setting is ESP.
Define the remote VPN type as either None or XAuth. XAuth (extended
authentication) provides additional authentication validation by permitting
an edge device to request extended authentication information from an IPSec
host. This forces the host to respond with additional authentication
credentials. The edge device respond with a failed or passed message. The
default setting is XAuth.
Select this option to define the IP address of an additional
encryption/decryption peer.
Device Configuration 5 - 107
Reset reverts the screen to its last