Table of Contents
Advertisement
EG860
User Guide
Issue 02 (2015-04-10)
If Manual encryption algorithm is des-cbc, Manual encryption key must contain 8
characters.
– IPsec mode: includes Transmission and Tunnel.
– Data source: required if IPsec mode is Tunnel.
– Subnet mask of data source: required if IPsec mode is Tunnel.
– Data destination: required if IPsec mode is Tunnel.
– Subnet mask of data destination: required if IPsec mode is Tunnel.
– Local port: in Transmission mode, indicates the port used by the VPN; in Tunnel mode,
indicates the data start port.
– Remote port: in Transmission mode, indicates the port used by the VPN; in Tunnel
mode, indicates the data end port.
– Manual SPI: must be a hexadecimal character in the range of 0x100-0xffffffff.
If the Auto mode is used, the following parameters must be set:
– Protocol: includes AH and ESP protocols.
– IPsec mode: includes Transmission and Tunnel.
– Data source: required if IPsec mode is Tunnel.
– Subnet mask of data source: required if IPsec mode is Tunnel.
– Data destination: required if IPsec mode is Tunnel.
– Subnet mask of data destination: required if IPsec mode is Tunnel.
– Local port: in Transmission mode, indicates the port used by the VPN; in Tunnel mode,
indicates the data start port.
– Remote port: in Transmission mode, indicates the port used by the VPN; in Tunnel
mode, indicates the data end port.
– Mode: includes Aggressive and Main modes.
– Identification Type: If Mode is Aggressive, this parameter can be set to IP Type or
Name Type.
– Local Identifier: required if Identification Type is Name Type.
– NAT-T state: indicates whether NAT traversal is enabled, and can be set to Enable,
Disable, or Force.
– Phase 1 encryption algorithm: includes 3des, des, aes, and All. All indicates that all the
3des, des, and aes algorithms are supported.
– Phase 1 authentication algorithm: includes md5, sha1, and All. All indicates that both
md5 and sha1 algorithms are supported.
– Phase 1 DH group: indicates the length of the phase 1 DH group, and can be set to
768bit, 1024bit, 1536bit, 2048bit, or 4096bit.
– Phase 1 life cycle: value range: 60-86400; default value: 3600; unit: second
– Phase 2 encryption algorithm: includes 3des and des.
– Phase 2 authentication algorithm: includes hmac_md5 and hmac_sha1.
– Phase 2 DH group: indicates the length of the phase 2 DH group, and can be set to
768bit, 1024bit, 1536bit, 2048bit, 4096bit, or null.
– Phase 2 life cycle: value range: 60-86400; default value: 3600; unit: second
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7 Reference
97
Hide quick links:
Advertisement
Table of Contents
