BEC MX-200 User Manual page 85

Advanced industrial 4g/lte wireless router

Hide thumbs Also See for MX-200:

Quick install manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

Table of Contents

IPSec Phase 1(IKE)

IKE Mode: IKE, Internet Key Exchange, is the mechanism to negotiate and exchange parameters

and keys between IPSec peers to establish security associations(SA). Select Main or Aggressive

mode.

Pre-Shared Key: This is for the Internet Key Exchange (IKE) protocol, a string from 4 to 128

characters. Both sides should use the same key. IKE is used to establish a shared security policy and

authenticated keys for services (such as IPSec) that require a key. Before any IPSec traffic can be

passed, each router must be able to verify the identity of its peer. This can be done by manually

entering the pre-shared key into both sides (router or hosts).

Local ID Type and Remote ID Type: When the mode of IKE is aggressive, Local and Remote peers

can be identified by other IDs.

IDContent: Enter IDContent the name you want to identify when the Local and Remote Type are

Domain Name; Enter IDContent IP address you want to identify when the Local and Remote Type are

IP addresses (IPv4 and IPv6 supported).

Encryption Algorithm: Select the encryption algorithm from the drop-down menu. There are several

options: DES and AES (128, 192 and 256). 3DES and AES are more powerful but increase latency.

 DES: Stands for Data Encryption Standard, it uses 56 bits as an encryption method.

 3DES: Stands for Triple Data Encryption Standard, it uses 168 (56*3) bits as an encryption

method.

 AES: Stands for Advanced Encryption Standards, you can use 128, 192 or 256 bits as

encryption method.

Authentication Algorithm: Authentication establishes the integrity of the datagram and ensures it is

not tampered with in transmission. There are 3 options: Message Digest 5 (MD5) and Secure Hash

Algorithm (SHA1, SHA256). SHA1 is more resistant to brute-force attacks than MD5. However, it is

slower.

 MD5: A one-way hashing algorithm that produces a 128−bit hash.

 SHA1: A one-way hashing algorithm that produces a 160−bit hash.

Diffle-Hellman Group: It is a public-key cryptography protocol that allows two parties to establish a

shared secret over an unsecured communication channel (i.e. over the Internet). MODP stands for

Modular Exponentiation Groups.

IPSec Phase 2(IPSec)

IPSec Proposal: Select the IPSec security method. There are two methods of verifying the

authentication information, AH(Authentication Header) and ESP(Encapsulating Security Payload).

Use ESP for greater security so that data will be encrypted and the data origin be authenticated but

using AH data origin will only be authenticated but not encrypted.

BEC MX-200 User Manual

Device Configuration

VPN – IPSec

Table of Contents

Show Quick Links

Quick Links:
Login to Your Device

Hide quick links:

Table of Contents

BEC MX-200 User Manual page 85

Hide quick links:

Related Manuals for BEC MX-200

Related Products for BEC MX-200

Table of Contents