Digi Connect WAN Series User Manual page 66

Digi Connect WAN Family web interface
ISAKMP Phase 1 Settings:
General Security Settings for Phase 1
Connection Mode: Main|Aggressive: Set the connection mode to match that configured
on the remote VPN device. If aggressive mode is selected, then the VPN device will try
aggressive mode first, and then try main mode if aggressive mode fails.
Enable Perfect Forward Secrecy (PFS): Set this option to enable PFS. PFS guarantees that
if an attacker breaks one key, that does not help the attacker break another key. PFS is
more secure, but slows down the negotiation process. Both the Digi device and the remote
VPN device must be configured the same way.
NAT-T Settings
Enable NAT Traversal (NAT-T): Set this option if there is a NAT firewall between the two
VPN devices.
Keep Alive Interval: The amount of time in seconds between NAT keep alive messages.
Once a connection is established through a firewall, the VPN devices have to send keep
alive messages to prevent the NAT firewall from timing out the connection. Set the interval
to a value less than the connection timeout of the NAT firewall.
ISAKMP Phase 1 Policies:
Keys are negotiated in two phases. The first phase negotiates the keys and authentication
method used to establish the initial ISAKMP connection. During this phase, the two VPN
devices verify each other's identity and create a security association (encrypted
connection). Phase 2 uses the encrypted connection. The encryption and authentication
settings you specify determine the level of security of the connection the two VPN devices
use to communicate with each other.
Select the policies to use during phase 1 of the ISAKMP negotiation. Ensure that the Digi
device and the remote VPN device use the same policies. If more than one policy is
specified, the VPN devices will use the most secure policy that they both have been
configured to support.
Pre-shared Key: Using DSS and RSA signatures is more secure than using a pre-shared
key.
Encryption: The encryption type and the length of the key. The longer the key the more
secure it is.
Integrity: The authentication algorithm. The SHA1 algorithm is more secure than MD5.
SA Lifetime: The maximum duration of the phase 1 security association.
Diffie-Hellman: The Diffie-Hellman group to use for key generation. The larger the group
the more secure it is.
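
As an added example (not from the Digi manual or firmware), the following Python script audits two Phase 1 configurations against the rules on this page: matching connection mode and PFS, a keep alive interval below the NAT firewall timeout, and selection of the most secure policy both ends support. The dictionary keys, the Policy fields, the sample values, and the order in which attributes are weighed against each other are assumptions made for illustration.

```python
from dataclasses import dataclass

# Per-attribute orderings stated in the manual text above.
AUTH_RANK = {"psk": 0, "dss": 1, "rsa": 1}   # signatures beat a pre-shared key
INTEGRITY_RANK = {"md5": 0, "sha1": 1}        # SHA1 beats MD5

@dataclass(frozen=True)
class Policy:
    auth: str        # "psk", "dss" or "rsa"
    key_bits: int    # encryption key length; longer is stronger
    integrity: str   # "md5" or "sha1"
    dh_group: int    # group number; higher taken as larger (assumption)

    def strength(self):
        # Assumption: attributes are compared in this order. The manual ranks
        # each attribute but does not say how they weigh against each other.
        return (AUTH_RANK[self.auth], self.key_bits,
                INTEGRITY_RANK[self.integrity], self.dh_group)

def audit_phase1(local, remote, nat_timeout_s=None):
    """Return (findings, best_common_policy) for two Phase 1 configurations."""
    findings = []
    for key in ("mode", "pfs"):   # both ends must be configured the same way
        if local[key] != remote[key]:
            findings.append(f"{key} mismatch: local={local[key]} remote={remote[key]}")
    if local["nat_t"] and nat_timeout_s is not None:
        if local["keepalive_s"] >= nat_timeout_s:
            findings.append(f"keepalive {local['keepalive_s']}s is not below "
                            f"NAT timeout {nat_timeout_s}s")
    common = set(local["policies"]) & set(remote["policies"])
    if not common:
        return findings + ["no common Phase 1 policy"], None
    best = max(common, key=Policy.strength)  # most secure policy both support
    if best.auth == "psk" or best.integrity == "md5":
        findings.append(f"negotiated policy uses a less secure option: {best}")
    return findings, best

# Constructed sample configurations (hypothetical, not from a real device).
P_STRONG = Policy("rsa", 256, "sha1", 5)
P_MID = Policy("psk", 128, "sha1", 2)
P_WEAK = Policy("psk", 56, "md5", 1)
LOCAL = {"mode": "main", "pfs": True, "nat_t": True, "keepalive_s": 60,
         "policies": [P_STRONG, P_MID, P_WEAK]}
REMOTE = {"mode": "aggressive", "pfs": True, "nat_t": True, "keepalive_s": 60,
          "policies": [P_MID, P_WEAK]}

if __name__ == "__main__":
    findings, best = audit_phase1(LOCAL, REMOTE, nat_timeout_s=30)
    print("negotiated:", best, *findings, sep="\n")
```
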
Digi Connect WAN Family User Guide
Configuration through the web interface