4.7.3.1
Manual IPsec Key exchange
Figure 31. Authentication header settings
Mode – select tunnel or transport mode.
Remote VPN Endport – set remote IPsec server IP address.
Remote Network Secure Group – Set the remote network (Secure Policy Database) information.
4.7.3.1.1
Authentication header (AH) settings
Figure 32. Authentication header settings
Encapsulation Protocol – select encapsulation protocol: Authentication header (AH) or
Encapsulating Security Payload (ESP).
Inbound SPI – specify the inbound compression [256-65535].
Outbound SPI – specify the outbound compression [256-65535].
Authentication algorithm – specify the authentication algorithm [Open system/hmac-
md5/hmac-sha1/keyed-md5/keyed-sha1/hmac-sha2-256/hmac-sha2-384/hmac-sha2-512/hmac-
ripemd160/aes-xcbc-mac].
Preshare key – specify the authentication secret [string]. Secret's length depends on selected
algorithm, eg. 128 bit long secret is 16 characters in length, 128 bits / 8 bits (one character) = 16. The
algorithm key lengths in bits are:
hmac-md5 - 128
hmac-sha1 - 160
keyed-md5 - 128
keyed-sha1 - 160
hmac-sha2-256 - 256
hmac-sha2-384 - 384
hmac-sha2-512 - 512
hmac-ripemd160 - 160
aes-xcbc-mac - 128
31 |
P a g e