Configuring an IKE VPN
Issue 4 May 2005
● From the Authentication drop-down list, select the type of authentication to use.
   ● None. Packets are not authenticated.
   ● HMAC-MD5. Packets are authenticated using the Hash-based Message Authentication Code (HMAC) coupled with the Message Digest 5 (MD5) hash function.
   ● HMAC-SHA. Packets are authenticated using the Hash-based Message Authentication Code (HMAC) coupled with the Secure Hash Algorithm (SHA). SHA is considered to be a stronger authentication algorithm than MD5.
   ● Any. The security gateways negotiate which encryption method to use.
● Use the Lifetime text boxes and lists to control the period for creating and exchanging a new set of unique keys. Key creation and exchange is performed as soon as either limit is reached: when the Time-based value expires before the Throughput value, or when the Throughput value expires before the Time-based value.
● Use the Locate this Proposal options to select where to put your new proposal in the Priority Proposal List. Security gateways always start from the top of the list when making a query.
29. Click the Advanced tab to bring it to the front.
30. Select Apply VPN to clients only if you have created a VPN Object where User and User Group Objects can communicate with IP Group Objects, but IP Group Objects cannot communicate with each other.
Note: This is an advanced control, used for a rare case. The default setting will apply to most configurations.
31. Select Use aggressive mode for clients if you want to speed up the time needed for VPNremote Clients to establish a secure connection with the VPN.
32. Select CRL Checking if you want to automatically track certificates that have been revoked by a specific Certificate Authority (CA).
Note: This control is only available for certificate-based VPNs.
33. Tunnel endpoints (VPNremote Clients and security gateways) that use certificates listed in a Certificate Revocation List (CRL) are denied access to the VPN. To use this feature, you must obtain a CRL from your Certificate Authority, then manually install it in the directory server on a periodic basis. See Enabling CRL checking on page 156 for more information.
34. If you use CRL Checking, in the Directory Name of Certificate Authority text box, type in the distinguished name (DN) of the certificateauthority object located in the directory server. The object is where the CRL is located.
35. Click Save.
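The Authentication and Lifetime settings described above, modelled as an added Python example (not code from the Avaya guide or product). It assumes "HMAC-SHA" means HMAC with SHA-1 and uses a random key in place of the real key exchange; the class, parameter names and limits are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: the page's "HMAC-SHA" is taken to mean HMAC with SHA-1.
DIGESTS = {"None": None, "HMAC-MD5": hashlib.md5, "HMAC-SHA": hashlib.sha1}


class SecurityAssociation:
    """Hypothetical model of one proposal's Authentication and Lifetime settings."""

    def __init__(self, auth, max_seconds, max_bytes):
        self.digest = DIGESTS[auth]
        self.max_seconds, self.max_bytes = max_seconds, max_bytes
        self.rekeys = 0
        self._new_key(now=0)

    def _new_key(self, now):
        # Stand-in for the key exchange: fresh random key, both counters restart.
        self.key, self.created, self.sent = os.urandom(20), now, 0

    def _tag(self, payload):
        if self.digest is None:
            return b""  # "None": nothing protects the payload
        return hmac.new(self.key, payload, self.digest).digest()

    def protect(self, payload, now):
        # A new key set is created when EITHER lifetime runs out first.
        timed_out = now - self.created >= self.max_seconds
        used_up = self.sent + len(payload) > self.max_bytes
        if timed_out or used_up:
            self._new_key(now)
            self.rekeys += 1
        self.sent += len(payload)
        return payload, self._tag(payload)

    def verify(self, payload, tag):
        return hmac.compare_digest(tag, self._tag(payload))


def demo():
    # Constructed traffic: 40-byte packets, 60 s / 100 byte lifetimes.
    sa = SecurityAssociation("HMAC-SHA", max_seconds=60, max_bytes=100)
    pkt, tag = sa.protect(b"A" * 40, now=1)
    intact, tampered = sa.verify(pkt, tag), sa.verify(b"B" + pkt[1:], tag)
    sa.protect(b"A" * 40, now=2)
    sa.protect(b"A" * 40, now=3)   # throughput limit hit first -> rekey 1
    sa.protect(b"A", now=70)       # time limit hit first -> rekey 2
    return intact, tampered, sa.rekeys, sa.verify(pkt, tag)
```

The last value returned by `demo()` shows that a packet tagged under the old key no longer verifies after a rekey, and a `SecurityAssociation("None", ...)` accepts a modified payload because its tag is empty.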
Summary of Contents for 3.7
Page 1: ...VPNmanager Configuration Guide Release 3 7 670 100 600 Issue 4 May 2005...