Lantronix SLC 8000 User Manual page 82

2. Enter the following:
Enable VPN Tunnel
Name
Ethernet Port
Remote Host
Remote Id
Remote Hop/Router
Remote Subnet(s)
Local Id
Local Hop/
Router
Local Subnet(s)
IKE Negotiation
SLC™ 8000 Advanced Console Manager User Guide
Select to create a tunnel.
The name assigned to the tunnel. Required to create a tunnel.
Select Ethernet port 1 or 2.
The IP address of the remote host's public network interface. The special
value of any can be entered if the remote host is a roaming user who may
not have the same IP address each time a tunnel is created. In this case, it
is recommended that the Remote Id also be configured.
How the remote host should be identified for authentication. The Id is used
to select the proper credentials for communicating with the remote host.
If the remote host is behind a gateway, this specifies the IP address of the
gateway's public network interface.
One or more subnets behind the remote host, expressed in CIDR notation
(IP address/mask bits). If multiple subnets are specified, the subnets should
be separated by a comma.
How the SLC 8000 advanced console manager should be identified for
authentication. The Id is used by the remote host to select the proper
credentials for communicating with the SLC advanced console manager.
If the SLC unit is behind a gateway, this specifies the IP address of the
gateway's public network interface.
One or more subnets behind the SLC 8000 advanced console manager,
expressed in CIDR notation (IP address/mask bits). If multiple subnets are
specified, the subnets should be separated by a comma.
The Internet Key Exchange (IKE) protocol is used to exchange security
options between two hosts who want to communicate via IPSec. The first
phase of the protocol authenticates the two hosts to each other and
establishes the Internet Security Association Key Management Protocol
Security Association (ISAKMP SA). The second phase of the protocol
establishes the cryptographic parameters for protecting the data passed
through the tunnel, which is the IPSec Security Association (IPSec SA). The
IPSec SA can periodically be renegotiated to ensure security. The IKE
protocol can use one of two modes: Main Mode, which provides identity
protection and takes longer, or Aggressive Mode, which provides no
identity protection but is quicker. With Aggressive Mode, there is no
negotiation of which cryptographic parameters will be used; each side must
give the correct cryptographic parameters in the initial package of the
exchange, otherwise the exchange will fail. If Aggressive Mode is used, the
IKE Encryption, IKE Authentication, and IKE DH Group must be
specified.
6: Basic Parameters
82