Table of Contents
Advertisement
AirLink Helix User Guide
Command
VPN 1 Type
VPN1 Status
SNTP Server Address
VPN Gateway
Address
Remote Subnet (IP
Addr Mask)
Pre-shared Key 1
My Identity
Peer Identity
Negotiation Mode
IKE Encryption
Algorithm
IKE Authentication
Algorithm
IPSec Encryption
Algorithm
IPSec Authentication
Algorithm
IKE SA Life Time
38
Description
Tunnel Disabled or IPsec tunnel. Use this option to enable or disable the VPN tunnel. If
custom settings are used, they will be saved and the tunnel can be disabled and re-
enabled without needing to reenter any of the settings. The IPsec VPN employs the IKE
(Internet Key Exchange) protocol to set up a SecurityAssociation (SA) between the Helix
and a Cisco (or Cisco compatible) enterprise VPN server. IPSec consists of two phases to
setup an SA between peer VPNs. Phase 1 creates a secure channel between the Helix
VPN and the enterprise VPN, thereby enabling IKE exchanges. Phase 2 sets up the IPSec
SA that is used to securely transmit enterprise data. For a successful configuration, all
settings for the VPN tunnel must be identical between the Helix VPN and the enterprise
VPN server.
Disabled, Not Connected, or Connected. This indicates the current status of the VPN
connection. Use this as part of troubleshooting a VPN connection.
The Simple Network Time Protocol Server (SNTP) ensures the clock on the Helix VPN is
synchronized to standard time. The default NTP server is pool.ntp.org. You can specify any
preferred NTP server. Both the VPN server and client must use the same SNTP address.
The IP address of the server that this client connects to. This IP address must be open to
connections from the Helix Box.
The default configuration is 0.0.0.0/0 which will direct all traffic over the GRE tunnel.
Pre-shared Key (PSK) used to initiate the VPN tunnel.
If these fields are left blank, My Identity will default to the WAN IP address assigned by the
carrier and Peer Identity will default to the VPN Server IP. For a fully qualified domain name
(FQDN), these values should be preceded by an '@'character (@www.domain.com). For
user-FQDN, these values should include a username (user@domain.com)
Required in some configurations to identify the client or peer side of a VPN connection.
This defaults to the VPN server IP address.
Main Mode or Aggressive. To operate the onboard VPN under Aggressive mode, enable
this configuration. By default the Helix operates under Main Mode. Aggressive mode offers
increased performance at the expense of security.
DES, 3DES, or AES. Determines the type and length of encryption key used to encrypt/
decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption.
AES (Advanced Encryption Standard) is supports 128 bit encryption.
SHA1 or MD5. Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a
128-bit digest for authentication. SHA1 is a more secure algorithm that produces a 160-bit
digest.
DES, 3DES, or AES. Determines the type and length of encryption key used to encrypt/
decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption.
AES (Advanced Encryption Standard) supports 128 bit encryption.
SHA1 or MD5. Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a
128-bit digest for authentication. SHA1 is a more secure algorithm that produces a 160-bit
digest.
180 to 86400. Determines how long the VPN tunnel is active in seconds. The default value
is 28,800 seconds, or 8 hours
2140847
Hide quick links:
Advertisement
Table of Contents
