Motorola Netopia 7000 Administrator's Handbook page 202

Embedded software version 7.8.2

Table 3: IPSec Tunnel Details page parameters

Remote ID Mask: If Aggressive mode is selected as the Negotiation Method, and Subnet as the Remote ID Type, this field appears. This is the remote (central-office-side) subnet mask.

Pre-Shared Key Type: The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour supports ASCII or HEX types.

Pre-Shared Key: The Pre-Shared Key is a parameter used for authenticating each side. The value can be ASCII or Hex and a maximum of 64 characters. ASCII is case-sensitive.

DH Group: Diffie-Hellman is a public key algorithm used between two systems to determine and deliver secret keys used for encryption. Groups 1, 2 and 5 are supported.

PFS Enable: Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS is selected, a Diffie-Hellman key exchange is required. If enabled, the PFS DH group follows the IKE phase 1 DH group.

SA Encrypt Type: SA Encryption Type refers to the symmetric encryption type. This encryption algorithm will be used to encrypt each data packet. SA Encryption Type values supported include DES and 3DES.

SA Hash Type: SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation. Values supported include MD5 and SHA1. N/A will display if NONE is chosen for Auth Protocol.

Invalid SPI Recovery: Enabling this allows the Gateway to re-establish the tunnel if either the Motorola Netopia® Gateway or the peer gateway is rebooted.

Soft MBytes: Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Soft MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic passed. If this value is not achieved, the Hard MBytes parameter is enforced. This parameter does not need to match the peer gateway.

Soft Seconds: Setting the Soft Seconds parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Soft Seconds value. The value can be configured between 60 and 1,000,000 seconds. This parameter does not need to match the peer gateway.

Hard MBytes: Setting the Hard MBytes parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Hard MByte value. The value can be configured between 1 and 1,000,000 MB and refers to data traffic passed. This parameter does not need to match the peer gateway.

Hard Seconds: Setting the Hard Seconds parameter forces the renegotiation of the IPSec Security Associations (SAs) at the configured Hard Seconds value. The value can be configured between 60 and 1,000,000 seconds. This parameter does not need to match the peer gateway.

IPSec MTU: Some ISPs require a setting of e.g. 1492 (or other value). The default 1500 is the most common and you usually don't need to change this unless otherwise instructed. Accepted values are from 100 – 1500. This is the starting value that is used for the MTU when the IPSec tunnel is installed. It specifies the maximum IP packet length for the encapsulated AH or ESP packets sent by the router. The MTU used on the IPSec connection will be automatically adjusted based on the MTU value in any received ICMP can't fragment error messages that correspond to IPSec traffic initiated from the router. Normally the MTU only requires manual configuration if the ICMP error messages are blocked or otherwise not received by the router.
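The ranges and supported values in Table 3 can be checked before a tunnel is configured. The following is an added example, not part of the handbook or the Gateway firmware: the dictionary keys, the preference for the strongest listed algorithm (DH group 5, 3DES, SHA1, PFS on) and the rule that a soft limit should sit below its hard limit are the editor's assumptions.

```python
import string

# Ranges and supported values as listed in Table 3 of this page.
LIMITS = {
    "soft_mbytes": (1, 1_000_000), "hard_mbytes": (1, 1_000_000),
    "soft_seconds": (60, 1_000_000), "hard_seconds": (60, 1_000_000),
    "ipsec_mtu": (100, 1500),
}
SUPPORTED = {
    "dh_group": {1, 2, 5}, "sa_encrypt_type": {"DES", "3DES"},
    "sa_hash_type": {"MD5", "SHA1"}, "psk_type": {"ASCII", "HEX"},
    "pfs_enable": {True, False},
}
# Strongest choice among the listed values (editor's preference, not from the handbook).
PREFERRED = {"dh_group": 5, "sa_encrypt_type": "3DES",
             "sa_hash_type": "SHA1", "pfs_enable": True}


def audit_tunnel(cfg):
    """Return (errors, warnings) for one tunnel's settings (hypothetical dict keys)."""
    errors, warnings = [], []
    for key, (lo, hi) in LIMITS.items():
        if not lo <= cfg[key] <= hi:
            errors.append(f"{key}={cfg[key]} outside {lo}-{hi}")
    for key, allowed in SUPPORTED.items():
        if cfg[key] not in allowed:
            errors.append(f"{key}={cfg[key]!r} not supported")
        elif key in PREFERRED and cfg[key] != PREFERRED[key]:
            warnings.append(f"{key}={cfg[key]!r}: prefer {PREFERRED[key]!r}")
    psk = cfg["psk"]
    if len(psk) > 64:
        errors.append("psk longer than 64 characters")
    elif cfg["psk_type"] == "HEX" and not all(c in string.hexdigits for c in psk):
        errors.append("psk_type is HEX but psk has non-hex characters")
    # Assumption: a soft limit is only useful if it is reached before the hard one.
    for unit in ("mbytes", "seconds"):
        if cfg[f"soft_{unit}"] >= cfg[f"hard_{unit}"]:
            warnings.append(f"soft_{unit} should be below hard_{unit}")
    return errors, warnings


# Constructed sample settings, not taken from a real device.
SAMPLE = {
    "psk_type": "HEX", "psk": "0123abcdXYZ", "dh_group": 1, "pfs_enable": False,
    "sa_encrypt_type": "DES", "sa_hash_type": "SHA1",
    "soft_mbytes": 1000, "hard_mbytes": 1200,
    "soft_seconds": 86400, "hard_seconds": 3600, "ipsec_mtu": 1600,
}
```

Calling `audit_tunnel(SAMPLE)` reports the out-of-range MTU and the malformed HEX key as errors, and the weaker algorithm choices and inverted lifetime pair as warnings.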
