The IPsec function supports the following types of identifiers (ID) for both sides of the
tunnel (the Remote ID and Local ID parameters):
• IP address (for example, 192.168.1.1)
• DN (for example, C=CZ,O=Conel,OU=TP,CN=A)
• FQDN (for example, @director.conel.cz) – the @ symbol precedes the FQDN.
• User FQDN (for example, director@conel.cz)
The certificates and private keys have to be in the PEM format. Use only certificates containing
start and stop tags.
The random time after which the router exchanges new keys is defined as follows:
Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin * Rekey Fuzz/100))
The default exchange of keys is in the following time range:
Minimal time: 1h - (9m + 9m) = 42m
Maximal time: 1h - (9m + 0m) = 51m
We recommend that you maintain the default settings. When you set key exchange times
higher, the tunnel produces lower operating costs, but the setting also provides less security.
Conversely, when you reduce the time, the tunnel produces higher operating costs, but
provides higher security.
The changes in settings will apply after clicking the Apply button.
LUCOM GmbH * Ansbacher Str. 2a * 90513 Zirndorf * Tel. 09127/59 460-10 * Fax. 09127/59 460-20 * www.lucom.de
Continued from previous page
Item                  Description
CA Certificate        Certificate for X.509 authentication.
Remote Certificate    Certificate for X.509 authentication.
Local Certificate     Certificate for X.509 authentication.
Local Private Key     Private key for X.509 authentication.
Local Passphrase      Passphrase used during private key generation.
Extra Options         Specifies the additional parameters of the IPsec tunnel, for example,
                      secure parameters.
Table 40: IPsec Tunnel Configuration
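A pre-flight structural check for the values pasted into the certificate and key fields of Table 40, as an added example (not from the manual or the router firmware): it confirms that the start and stop tags are present and matching, that the body is base64, and that an encrypted key comes with a passphrase. The function names, the mapping of fields to PEM labels and the sample data are assumptions made here; the check does not parse the certificate or verify a chain.

```python
import base64
import re

# Assumed mapping of form fields to acceptable PEM labels (not from the manual).
CERT_FIELDS = {"CA Certificate", "Remote Certificate", "Local Certificate"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END ([A-Z0-9 ]+)-----", re.S)


def check_pem(field, text, passphrase=""):
    """Return a list of structural problems in the PEM text meant for `field`."""
    match = PEM_RE.search(text.replace("\r\n", "\n"))
    if not match:
        return ["no complete BEGIN/END block (start or stop tag missing)"]
    problems = []
    begin, body, end = match.groups()
    if begin != end:
        problems.append(f"BEGIN {begin} does not match END {end}")
    # Legacy encrypted keys put Proc-Type/DEK-Info headers before the body.
    header, _, payload = (body.rpartition("\n\n") if "Proc-Type:" in body
                          else ("", "", body))
    encrypted = "ENCRYPTED" in header or begin == "ENCRYPTED PRIVATE KEY"
    try:
        base64.b64decode("".join(payload.split()), validate=True)
    except ValueError:
        problems.append("body is not valid base64")
    if field in CERT_FIELDS and begin != "CERTIFICATE":
        problems.append(f"{field} expects a CERTIFICATE block, got {begin}")
    if field == "Local Private Key":
        if begin not in KEY_LABELS:
            problems.append(f"{field} expects a private key block, got {begin}")
        elif encrypted and not passphrase:
            problems.append("key is encrypted but Local Passphrase is empty")
    return problems


def sample_pem(label, headers=""):
    """Constructed sample: correct PEM framing around placeholder bytes."""
    b64 = base64.b64encode(b"constructed bytes, not a real credential").decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"


if __name__ == "__main__":
    truncated = sample_pem("CERTIFICATE").split("-----END")[0]
    print(check_pem("Local Certificate", sample_pem("CERTIFICATE")))
    print(check_pem("Remote Certificate", truncated))
    print(check_pem("CA Certificate", sample_pem("RSA PRIVATE KEY")))
    print(check_pem("Local Private Key", sample_pem("ENCRYPTED PRIVATE KEY")))
```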