Table of Contents
Advertisement
Digi Connect WAN Family web interface
ISAKMP Phase 2 Settings:
l
The SAs used for bulk data transfer are created during phase 2. The phase 2 settings you
specify will determine the level of security used when devices on the local private network
communicate with devices on the remote private network. As with the other settings, the
both the Digi device and the remote VPN device must be configured to use the same
values. If more than one policy is specified, the VPN devices will use the most secure policy
that they both have been configured to support.
General Security Settings for Phase 2:
l
Diffie-Hellman: Select the Diffie-Hellman group used to generate keys. Larger groups are
more secure.
ISAKMP Phase 2 Policies:
l
Encryption: The encryption algorithm used for encrypting data and the length of the key.
The longer the key the more secure it is. There are three supported encryption algorithms
including DES, 3-DES, and AES. DES encryption uses 64-bit keys, 3-DES encryption uses 192-
bit keys, and AES encryption uses 256-bit keys.
Authentication: The authentication algorithm used in authenticating clients. There are
two supported authentication algorithms including MD5 and SHA1. MD5 authentication
uses 128-bit keys and SHA1 uses 160-bit keys. The SHA1 algorithm is more secure than
MD5.
SA Lifetime: The maximum length of the Phase 2 security association (SA), in seconds.
After the SA has been negotiated, the SA lifetime begins. Once the lifetime has completed,
a new set of SA policies are negotiated with the remote VPN endpoint.
Example VPN configuration
The diagram shows a Digi Connect WAN VPN used as a primary remote site router:
How VPN tunnels work
The Digi device's Ethernet port usually connects to a switch or hub, which then connects to other
Ethernet devices. The mobile/cellular carrier provides only one IP address to the mobile interface. The
Digi Connect WAN Family User Guide
Configuration through the web interface
67
Advertisement
Table of Contents
