3Com OfficeConnect User Manual page 64
Hide thumbs
Also See for OfficeConnect:
- User manual (110 pages) ,
- Getting started manual (25 pages) ,
- Datasheet (6 pages)
Table of Contents
Advertisement
Encryption type — choose the encryption type from DES,
3DES or AES. 3DES is more secure than DES but may take
longer to encrypt and decrypt. AES offers the highest security
but will take longer than 3DES to encrypt and decrypt.
3DES and AES are not shipped with the Router as standard due
to international restrictions on encryption. If your country permits
their use they can be downloaded from the 3Com web site at
http://www.3com.com/
Hash Algorithm — choose either SHA-1 or MD5 from the
drop-down list. Both ends of the connection must use the
same value.
Exchange keys using — choose the encryption method used
to exchange shared keys. Diffie-Hellman Group 5 and
Diffie-Hellman Group 2 are more secure but less common
than Diffie-Hellman Group 1.
Renegotiate after (seconds) — this controls how often the
connection will be renegotiated (and the encryption key
changed). Longer periods are less secure but may be useful
for connections to older equipment which does not have the
processing power to negotiate frequently. The default value is
600 seconds (10 minutes).
Use Perfect Forward Secrecy — Choose whether to use
perfect forward secrecy. Using perfect forward secrecy will
change the encryption keys during the course of a connection
making the tunnel more secure but slowing data transfer. To
enable perfect forward secrecy ensure that the Use Perfect
Forward Secrecy box is checked. To keep the same key for the
length of a connection leave the box unchecked.
Use IKE keep-alive — when checked the gateway will attempt
to ensure that this tunnel remains operational once it has
been established, even if there is no traffic on it. This is useful
for tunnels where only one end can establish the connection
(eg one end of the tunnel is on a dynamic IP address, in this
case set IKE keep-alive on the 'dynamic' end of the tunnel).
Example:
Setting up an IPSec connection between two Secure
Routers.
Secure Router One is located at the head office and is configured
with the following settings:
Internet IP address: 174.19.201.162
LAN IP address: 192.168.1.1
LAN Subnet Mask: 255.255.255.0
Secure Router Two is located at the sales office and is configured
with the following settings:
Internet IP address: 172.27.34.202
LAN IP address: 192.168.2.1
Remote Subnet Mask: 255.255.255.0
To set up an IPSec Connection between the two Secure Routers,
do the following on each device:
Select IPSec Enabled from the VPN Mode screen.
1
2
Enter the Internet IP address of the Router you are configuring in
the This Router's ID field.
Enter 174.19.201.162 on Router One.
a
b
Enter 172.27.34.202 on Router Two.
64
Hide quick links:
Advertisement
Table of Contents
