NetModule NB1600 User Manual page 68

Hide thumbs Also See for NB1600:

User manual (194 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

Table of Contents

Detection cycle): The delay (in seconds) between DPD keepalives that are sent for this

connection (default 30 seconds)

Failure threshold: The number of unanswered DPD requests until the IPsec peer is

considered dead (the router will then try to re-establish a dead connection auto-

matically)

IKE Authentication

NetModule routers support IKE authentication through pre-shared keys (PSK) or cer-

tiﬁcates within a public key infrastructure.

Using PSK requires the following settings:

PSK: The pre-shared key used to authenticate at the peer

Local ID Type: The type of identiﬁcation for the local ID which can be a FQDN, username@FQDN

or IP address

Local ID: The local ID value

Local ID Type: The type of identiﬁcation for the remote ID

Remote ID: The remote ID value

When using certiﬁcates you would need to specify the operation mode. When run as

PKI client you can create a Certiﬁcate Signing Request (CSR) in the certiﬁcates section

which needs to be submitted at your Certiﬁcate Authority and imported to the router

afterwards. In PKI server mode the router represents the Certiﬁcate Authority and

issues the certiﬁcates for remote peers.

IKE Proposal

This section can be used to conﬁgure the phase 1 settings:

Negotiation mode: Choose the desired negotiation mode. Preferably, main mode should

be used but aggressive mode might be applicable when dealing with dynamic

endpoint addresses.

Encryption algorithm: The desired IKE encryption method (we recommend AES256)

Authentication algorithm: The desired IKE authentication method (we prefer SHA1

over MD5)

IKE Diﬃe-Hellman Group: The IKE Diﬃe-Hellman Group

SA life time: The lifetime of Security Associations

Perfect Forward Secrecy: Speciﬁes whether Perfect Forward Secrecy (PFS) should be

used. This feature increases security as PFS avoids penetration of the key-exchange

protocol and prevents compromisation of previous keys.

IPsec Proposal

This section can be used to conﬁgure the phase 2 settings:

Encapsulation mode: The desired encapsulation mode (Tunnel or Transport)

NB1600 User Manual

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Need help?

Do you have a question about the NB1600 and is the answer not in the manual?

NetModule NB1600 User Manual page 68

Hide quick links:

Need help?

Related Manuals for NetModule NB1600

Related Products for NetModule NB1600

Table of Contents