Sierra Wireless AirLink RV50 Series User Manual page 144

ALEOS 4.9.0 Software Configuration User Guide for AirLink RV50 Series
Field
Remote Address Type
Remote Address
Remote Address -
Netmask
Perfect Forward
Secrecy
IPsec Encryption
Algorithm
IPsec Authentication
Algorithm
IPsec Key Group
IPsec SA Life Time
Rev 1 Dec. 17
Description
The network information of the IPsec server behind the IPsec gateway.
Options are: Subnet Address (default) and Single Address
The IP address or subnet of the device(s) connected to the gateway
If the remote address is 0.0.0.0, the remote address netmask should also be 0.0.0.0.
Note that you can only have one remote address of 0.0.0.0 for all the VPNs.
Default values are:
VPN Remote Address
10.11.12.0
1
10.11.13.0
2
3 10.11.14.0
10.11.15.0
4
10.11.16.0
5
Remote subnet mask information
Default: 255.255.255.0
0.0.0.0 is allowed for the remote address subnet mask as long as the remote address is
also 0.0.0.0.
Perfect Forward Secrecy (PFS) is enabled by default. Leave the default setting in this field.
To disable PFS, see IPsec Key
Determines the type and length of encryption key used to encrypt/decrypt ESP
(Encapsulating Security Payload) packets. 3DES supports 168-bit encryption. AES
(Advanced Encryption Standard) supports both 128-bit and 256-bit encryption.
Options are: None, DES, 3DES, AES-128 (default), and AES-256.
Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a 128-bit digest
for authentication. SHA is a more secure algorithm that produces a 160-bit digest.
Options are: None, MD5 and SHA1 (default)
Use this field to select the DH (Diffie-Hellman) group pre-shared key length used for
authentication, or to disable Perfect Forward Secrecy (PFS).
The DH group number determines the length of the key used in the key exchange process.
Longer keys are more secure, but take longer to compute. Also note that both peers in the
VPN exchange must use the same DH group.
PFS is enabled by default. It adds additional security because each session uses a unique
temporary public/private key pair to generate the shared secret. One key cannot be
derived from another. This ensures previous and subsequent encryption keys are secure,
even if one key is compromised.
Options are:
None —Disables PFS
•
DH1 —Uses DH Group 1 (key length is 768 bits)
•
DH2 —Uses DH Group 2 (key length is 1,024 bits) Default
•
DH5 —Uses DH Group 5 (key length is 1,536 bits)
•
Determines how long the VPN tunnel is active in seconds
Options are: 180 to 86400; Default: 7200
144
Group.
41111088