Table of Contents
Advertisement
Parameter Descriptions
The following tables describe SafeHarbour's parameters that are used for an IPSec VPN tunnel configu-
ration:
Field
Name
Peer External IP
Address
Encryption
Protocol
Authentication
Protocol
Key Management
Field
Name
Peer Internal
Network
Peer Internal
Netmask
NAT enable
PAT Address
Negotiation
Method
Local ID type
Local ID Address/
Value
Local ID Mask
Remote ID Type
Remote ID
Address/Value
Table 2: IPSec Configuration page parameters
The Name parameter refers to the name of the configured tunnel. This is mainly used as
an identifier for the administrator. The Name parameter is an ASCII value and is limited
to 31 characters. The tunnel name does not need to match the peer gateway.
The Peer External IP Address is the public, or routable IP address of the remote gateway
or VPN server you are establishing the tunnel with.
Encryption protocol for the tunnel session.
Parameter values supported include NONE or ESP.
Authentication Protocol for IP packet header. The three parameter values are None,
Encapsulating Security Payload (ESP) and Authentication Header (AH)
The Key Management algorithm manages the exchange of security keys in the IPSec pro-
tocol architecture. SafeHarbour supports the standard Internet Key Exchange (IKE)
Table 3: IPSec Tunnel Details page parameters
The Name parameter refers to the name of the configured tunnel. This is mainly used as
an identifier for the administrator. The Name parameter is an ASCII value and is limited
to 31 characters. The tunnel name does not need to match the peer gateway.
The Peer Internal IP Network is the private, or Local Area Network (LAN) address of the
remote gateway or VPN Server you are communicating with.
The Peer Internal IP Netmask is the subnet mask of the Peer Internal IP Network.
Turns NAT on or off for this tunnel.
If NAT is enabled, this field appears. You can specify a Port Address Translation (PAT)
address or leave the default all-zeroes (if Xauth is enabled). If you leave the default. the
address will be requested from the remote router and dynamically applied to the Gate-
way.
This parameter refers to the method used during the Phase I key exchange, or IKE pro-
cess. SafeHarbour supports Main or Aggressive Mode. Main mode requires 3 two-way
message exchanges while Aggressive mode only requires 3 total message exchanges.
If Aggressive mode is selected as the Negotiation Method, this option appears. Selec-
tion options are: IP Address, Subnet, Hostname, ASCII
If Aggressive mode is selected as the Negotiation Method, this field appears. This is the
local (Gateway-side) IP address (or Name Value, if Subnet or Hostname are selected as
the Local ID Type).
If Aggressive mode is selected as the Negotiation Method, and Subnet as the Local ID
Type, this field appears. This is the local (Gateway-side) subnet mask.
If Aggressive mode is selected as the Negotiation Method, this option appears. Selec-
tion options are: IP Address, Subnet, Hostname, ASCII.
If Aggressive mode is selected as the Negotiation Method, this field appears. This is the
remote (central-office-side) IP address (or Name Value, if Subnet or Hostname are
selected as the Local ID Type).
Description
Description
201
Advertisement
Table of Contents
