NetModule NB2700 User Manual page 66

afterwards. In PKI server mode the router represents the Certificate Authority and
issues the certificates for remote peers.
IKE Proposal
This section can be used to configure the phase 1 settings:
Negotiation mode: Choose the desired negotiation mode. Preferably, main mode should
be used but aggressive mode might be applicable when dealing with dynamic
endpoint addresses.
Encryption algorithm: The desired IKE encryption method (we recommend AES256)
Authentication algorithm: The desired IKE authentication method (we prefer SHA1
over MD5)
IKE Diffie-Hellman Group: The IKE Diffie-Hellman Group
SA life time: The lifetime of Security Associations
Perfect Forward Secrecy: Specifies whether Perfect Forward Secrecy (PFS) should be
used. This feature increases security because PFS protects the key-exchange
protocol against penetration and prevents the compromise of previous keys.
IPsec Proposal
This section can be used to configure the phase 2 settings:
Encapsulation mode: The desired encapsulation mode (Tunnel or Transport)
IPsec protocol: The desired IPsec protocol (AH or ESP)
Encryption algorithm: The desired IKE encryption method (we recommend AES256)
Authentication algorithm: The desired IKE authentication method (we prefer SHA1
over MD5)
SA life time: The lifetime of Security Associations
Networks
When creating Security Associations, IPsec will keep track of routed networks within
the tunnel. Packets will only be transmitted when a valid SA with matching source and
destination network is present. Therefore, you may need to specify the networks right
and left of the endpoints by applying the following settings:
Local network address: The address of your local area network
Local network mask: The netmask of your local area network
Peer network address: The address of the remote network behind the peer
Peer network mask: The netmask of the remote network behind the peer
NAT address: Optionally, you can apply NAT (masquerading) for packets coming from
a different local network. The NAT address must reside in the network previously
specified as local network.
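
The following added example (not part of the NetModule manual or the router's software) checks the Networks settings before they are entered and models, in simplified form, which packets match the SA. The function names and all addresses are constructed for illustration, and the overlap check is an extra sanity check that the manual does not state.

```python
import ipaddress

def network(address, mask):
    """Build a network from an address/netmask pair as entered in the form."""
    # strict=True rejects an address with host bits set, e.g. 192.168.1.5/255.255.255.0
    return ipaddress.ip_network(f"{address}/{mask}", strict=True)

def check_tunnel(local, peer, nat_address=None):
    """Return a list of problems found in one tunnel's Networks settings."""
    problems = []
    # Extra sanity check, not stated in the manual: overlapping networks
    # make it ambiguous which side of the tunnel an address belongs to.
    if local.overlaps(peer):
        problems.append("local and peer networks overlap")
    # From the manual: the NAT address must reside in the local network.
    if nat_address is not None and ipaddress.ip_address(nat_address) not in local:
        problems.append("NAT address is outside the local network")
    return problems

def outbound(local, peer, src, dst, nat_address=None):
    """Simplified model: source address used inside the tunnel, or None if
    no SA matches and the packet is not transmitted."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip not in peer:
        return None                      # destination is not behind the peer
    if src_ip in local:
        return str(src_ip)               # matches the SA as-is
    if nat_address is not None and ipaddress.ip_address(nat_address) in local:
        return nat_address               # masqueraded into the local network
    return None                          # other LAN, no NAT: no matching SA

# Constructed sample values (not from the manual)
LOCAL = network("192.168.1.0", "255.255.255.0")
PEER = network("192.168.2.0", "255.255.255.0")
NAT = "192.168.1.254"

if __name__ == "__main__":
    print(check_tunnel(LOCAL, PEER, NAT))
    print(check_tunnel(LOCAL, PEER, "10.10.0.1"))
    for src in ("192.168.1.10", "10.10.0.5"):
        print(src, "->", outbound(LOCAL, PEER, src, "192.168.2.20"),
              "| with NAT:", outbound(LOCAL, PEER, src, "192.168.2.20", NAT))
```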