IPsec

The IPsec protocol client enables the router to establish a secure connection to an IPsec peer via the Internet. IPsec is
supported in two modes: transport and tunnel. Transport mode creates a secure point-to-point channel between two
hosts. Tunnel mode can be used to build a secure connection between two remote LANs, serving as a VPN solution.

The IPsec system maintains two databases: the Security Policy Database (SPD), which defines whether to apply IPsec to a
packet and specifies which IPsec-SA is applied and how, and the Security Association Database (SAD), which contains the
key of each IPsec-SA.

IPsec communication requires a Security Association (IPsec-SA) to be established between the two peers. This can
be done by manual or automated configuration.

Note: the router starts establishing the tunnel when data is sent from the router to the remote site over the tunnel. For
automatic tunnel establishment, use the tunnel keep-alive feature.

Automatic IPSec Key exchange
Field name - Description

1. Enable IPSec - Check box to enable IPSec.
2. IPSec key exchange mode - Automatic key exchange.
3. Enable NAT traversal - Enable this function if client-to-client applications will be used.
4. Enable initial contact - Enable this to send an INITIAL-CONTACT message.
5. Peers identifier type - Choose "fqdn" or "user fqdn" according to your IPSec server configuration.
6. Mode - Select "Main" or "Aggressive" mode according to your IPSec server configuration.
7. My identifier - Set the device identifier for the IPSec tunnel.
8. Preshare key - Specify the authentication secret [string]. The secret's length depends on the selected
   algorithm, e.g. a 128-bit secret is 16 characters long: 128 bits / 8 bits (one character) = 16.
9. Remote VPN Endpoint - Set the remote IPSec server IP address.
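
Added example, not part of the original manual: it applies the length rule given for the Preshare key field (bits / 8 = characters), generates a secret of that length from the operating system's CSPRNG, and computes how much entropy a random string of that length carries when each character is drawn from a typable alphabet. The 62-character alphanumeric alphabet and all function names are assumptions of this example.

```python
import math
import secrets
import string

# Assumption of this example: restrict the key to characters that are easy
# to type into a configuration form on both peers.
ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def chars_for_bits(key_bits: int) -> int:
    """Length rule from the manual: one character counts as 8 bits."""
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key length must be a positive multiple of 8 bits")
    return key_bits // 8


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(len(set(alphabet)))


def chars_for_entropy(target_bits: int, alphabet: str = ALPHABET) -> int:
    """Characters needed for a random secret to carry at least target_bits."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate_psk(length: int, alphabet: str = ALPHABET) -> str:
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    n = chars_for_bits(128)
    print(f"length rule: 128-bit secret -> {n} characters")
    print(f"entropy of {n} random alphanumerics: {entropy_bits(n):.1f} bits")
    m = chars_for_entropy(128)
    print(f"characters needed for 128 bits of entropy: {m}")
    # Constructed sample output; generate a fresh key per tunnel.
    print("sample key:", generate_psk(m))
```

The same secret must be entered on the router and on the IPsec server, so generate it once and transfer it over a protected channel.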

This manual is also suitable for:

Rut700 hspa+Rut750
