M2M Cellular Gateway
5.5.3 IPSec
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a communication session. IPSec
includes protocols for establishing mutual authentication between agents at the beginning of the
session and negotiation of cryptographic keys to be used during the session.
An IPSec VPN tunnel is established between an IPSec client and an IPSec server. The IPSec VPN client
is sometimes called the initiator and the IPSec VPN server the responder. During tunnel establishment,
the initiator and responder negotiate in two phases: the IKE phase and the IPSec phase.
In the IKE phase, IKE authenticates the IPSec peers and negotiates IKE SAs (Security Associations) to set
up a secure channel for negotiating IPSec SAs in phase 2. In the IPSec phase, IKE negotiates IPSec SA
parameters and sets up matching IPSec SAs in the peers. After both phases, data is transferred between
the IPSec peers based on the IPSec parameters and keys stored in the SA database.
On the "IPSec" page, the "Configuration" window enables IPSec for the VPN function, which activates
network neighborhood between the Intranets of the local and remote peers. It also lets you enable VPN
tunnels even when the gateway is behind a NAT router and specify the maximum number of concurrent
IPSec tunnels. In addition, the "Tunnel List & Status" window lists the created IPSec VPN tunnels and
their connection status. To create a new tunnel, click the "Add" button. The following configuration
windows are then available to set up: "Tunnel Configuration", "Local & Remote Configuration",
"Authentication", "IKE Phase", "IKE Proposal Definition", "IPSec Phase", and "IPSec Proposal
Definition".
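The two negotiation phases and the two proposal definitions can be checked offline before a tunnel is deployed. The following Python code is an added example, not code from the gateway or its vendor. It assumes a simplified policy in which a proposal matches only when encryption, integrity and DH group are all identical and the first match offered by the initiator wins; all peer names and proposal values are constructed.

```python
from typing import NamedTuple, Optional, Sequence


class Proposal(NamedTuple):
    encryption: str
    integrity: str
    dh_group: Optional[str]  # None = no DH exchange in this phase


def select(offered: Sequence[Proposal], accepted: Sequence[Proposal]) -> Optional[Proposal]:
    """Return the first offered proposal the responder also accepts (assumed policy)."""
    accepted_set = set(accepted)
    for proposal in offered:
        if proposal in accepted_set:
            return proposal
    return None


def negotiate(initiator: dict, responder: dict) -> dict:
    """Model the IKE phase, then the IPSec phase; report where negotiation stops."""
    result = {"ike_sa": None, "ipsec_sa": None, "failed_at": None}
    result["ike_sa"] = select(initiator["ike"], responder["ike"])
    if result["ike_sa"] is None:
        # Without an IKE SA there is no secure channel, so phase 2 never starts.
        result["failed_at"] = "IKE phase"
        return result
    result["ipsec_sa"] = select(initiator["ipsec"], responder["ipsec"])
    if result["ipsec_sa"] is None:
        result["failed_at"] = "IPSec phase"
    return result


# Constructed sample configurations (not taken from any real device).
GATEWAY = {  # initiator
    "ike": [Proposal("aes256", "sha256", "modp2048"), Proposal("aes128", "sha1", "modp1536")],
    "ipsec": [Proposal("aes256", "sha256", "modp2048"), Proposal("aes128", "sha1", None)],
}
HQ = {  # responder
    "ike": [Proposal("aes128", "sha1", "modp1536"), Proposal("aes256", "sha256", "modp2048")],
    "ipsec": [Proposal("aes128", "sha1", None)],
}
HQ_BAD_PHASE1 = dict(HQ, ike=[Proposal("aes256", "sha512", "modp2048")])
HQ_BAD_PHASE2 = dict(HQ, ipsec=[Proposal("3des", "md5", None)])

if __name__ == "__main__":
    for name, peer in [("HQ", HQ), ("HQ_BAD_PHASE1", HQ_BAD_PHASE1), ("HQ_BAD_PHASE2", HQ_BAD_PHASE2)]:
        print(name, negotiate(GATEWAY, peer))
```

A tunnel whose IKE phase succeeds but whose IPSec phase fails carries no data, so both proposal definitions have to be compared with the remote peer, not only the first.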
Index skipping is used to reserve slots for new function insertion, when required.