Ipsec Tunnel Configuration - Wieland wienet v3 User Manual

Contents of Package

5.11 IPsec Tunnel Configuration

IPsec tunnel configuration can be called up by option
tected (encrypted) connection of two networks LAN to the one which looks like one homogenous. In the
IPsec Tunnels Configuration window
Item
Create
Description
Edit
Item
Description
Remote IP Address
Remote ID
Remote Subnet
Remote Subnet Mask
Remote Protocol/Port
Local ID
Local Subnet
Local Subnet Mask
Local Protocol/Port
Encapsulation Mode
NAT traversal
IKE Mode
IKE Algorithm
IKE Encryption
IKE Hash
IKE DH Group
51
are four rows, each row for one configured one IPsec tunnel.
Description
This item enables the individual tunnels.
The name of the tunnel specified in the configuration of the tunnel.
Configuration IPsec tunnel.
Overview IPsec tunnels
Description
Name (description) of the tunnel
IP address of remote side of the tunnel. Domain name possible.
Identifier (ID) of remote side of the tunnel. It consists of two parts:
domain-name
and (more information under the table).
IP address of a network behind remote side of the tunnel
Subnet mask of a network behind remote side of the tunnel
Specifies Protocol/Port of remote side of the tunnel. The general form is
tocol/port , for example 17/1701 for UDP (protocol 17) and port 1701. Enter-
ing protocol number only is possible, above mentioned format is preferred.
Identifier (ID) of local side of the tunnel. It consists of two parts:
domain-name
and (more information under the table).
IP address of a local network
Subnet mask of a local network
Specifies Protocol/Port of a local network. The general form is
for example 17/1701 for UDP (protocol 17) and port 1701. Entering protocol
number only is possible, above mentioned format is preferred.
IPsec mode (the method of encapsulation) – choose tunnel (entire IP data-
gram is encapsulated) or transport (only IP header).
If address translation is used between two end points of the tunnel, it needs
NAT Traversal
to enable
Defines mode for establishing connection (
sive mode is selected, establishing of IPsec tunnel will be faster, but encryp-
tion will set permanently on 3DES-MD5. We recommend not to use ag-
gressive mode due to a lower security!
Way of algorithm selection:
• auto – encryption and hash alg. are selected automatically
• manual – encryption and hash alg. are defined by the user
Encryption algorithm – 3DES, AES128, AES192, AES256
Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512
Diffie-Hellman groups determine the strength of the key used in the key ex-
change process. Higher group numbers are more secure, but require addi-
tional time to compute the key. Group with higher number provides more se-
curity, but requires more processing time.
IPsec item
in the menu. IPsec tunnel allows pro-
.
main or aggressive
Wieland Electric GmbH | BA001039 (Rev. A) | 08/2016
hostname
pro-
hostname
protocol/port
,
). If the aggres-