Advertisement
IKE Identifier
Local ID
Peer ID
More settings for IKE Authentication
IKE Phase 1
Force UDP
Encapsulation
IKE Phase 2
Dead Peer Detection
formats of Peer ID are acceptable, including IP Address, Domain
Name, and Email.
Peer Certificate - Select a peer certificate that has been pre-obtained
and stored in Configuration>>Certificates Local Certificates.
Accept Subject Name – Enter the complete certificate subject name.
Accept Any - Any certificate signed by a trusted CA in
Configuration>>Certificates Trusted CA will be considered valid.
Set the local ID and Peer ID for identification.
Local ID and Peer ID are provided for certain connections that require
specifying an ID, such as IKEv1 using Aggressive mode and IKEv2
(optional).
Specify a local ID to be used when establishing a VPN connection
using IPsec VPN type.
Enter the ID name for the remote client.
If the values are specified, only connections coming from the specified
IP address and/or having the specified Peer ID will be accepted.
Encryption – Use Auto/AES/3DES/DES encryption algorithm and apply
MD5 or SHA-1 authentication algorithm.
Group – Specify a key exchange proposal.
Authentication – Select SHA256 or SHA1 for packet authentication.
Lifetime - For security reason, the lifetime of key should be defined.
The default value is 28800 seconds. You may specify a value in
between 900 and 86400 seconds.
Switch the toggle to enable/disable the function.
All IPsec packets will be encapsulated with UDP header if enabled.
Specify the security protocol, proposal encryption and proposal
authentication.
Security Protocol – AH (Medium) means data will be authenticated,
but not be encrypted. By default, this option is active. ESP (High)
means payload (data) will be encrypted and authenticated.
Encryption – Use AES/3DES/DES encryption algorithm.
Authentication – Select All, SHA256 or SHA1 for packet
authentication.
Lifetime – For security reason, the lifetime of key should be defined.
The default value is 3600 seconds. You may specify a value in between
600 and 86400 seconds.
Perfect Forward Secret – Switch the toggle to enable/disable this
function. PFS forces key exchange during Phase-2 periodic Rekey.
Dead Peer Detection (DPD) is the method to detect an IPsec
connection.
DPD Delay – It is a keep-alive timer. A Hello message will be emitted
periodically when a tunnel is idle. Use the value 0 to disable this
function. The recommended value is 30 seconds if enabled.
DPD Timeout - It is the timeout timer. The peer will be declared dead
once no acknowledge message is received after timeout value. Use
the value 0 to disable this function. The recommended value is 120
seconds if enabled.
OpenVPN
215
Advertisement
Need help?
Do you have a question about the Vigor2136 Series and is the answer not in the manual?
Questions and answers