• Remote ID
If the IP address of the remote endpoint is behind a firewall, this is the IP address of the firewall.
• Remote Subnet
Choose None if encrypted packets are only destined for the Remote IP Address. Use an IP address / mask if encrypted packets are also destined for the specified network that is beyond the Remote IP Address.
IMPORTANT: The Remote Subnet and Local Subnet addresses must not overlap!
• Local Subnet
Choose None if only packets generated by Vanguard services will be sent over the tunnel. Choose Ethernet if packets from the local LAN will also be sent over the tunnel. (LAN Settings » Bind to Eth IP may need to be enabled to make sure that packets generated by Vanguard services appear to originate from a Local Subnet address.) Use an IP address / mask if a network beyond the local LAN will be sending packets over the tunnel.
IMPORTANT: The Remote Subnet and Local Subnet addresses must not overlap!
• Phase 1 Encryption
Use AES-128, AES-256 or 3DES encryption.
• Phase 1 Authentication
Use MD5 or SHA1 hashing.
• Phase 1 DH Group
Negotiate (Auto) or use 768-bit (Group 1), 1024-bit (Group 2), 1536-bit (Group 5) or 2048-bit (Group 14) keys.
• Phase 1 Key Lifetime
How long the keying channel of a connection should last before being renegotiated.
• Phase 2 Encryption
Use AES-128, AES-256 or 3DES encryption.
• Phase 2 Authentication
Use MD5 or SHA1 hashing.
• Phase 2 Lifetime
How long a particular instance of a connection should last, from successful negotiation to expiry.
• Pre-shared Key
Predetermined key known to both the local unit and the remote side prior to establishing the tunnel.
• Negotiation Mode
Choose Normal to allow IPsec to negotiate some connection parameters. Choose Aggressive to require that only those parameters selected above can be used to create the tunnel.
• Perfect Forward Secrecy
Enable Perfect Forward Secrecy for the session keys.
• Dead Peer Detection Delay
Tunnel keepalive time for R_U_THERE packets during idle periods.
• Dead Peer Detection Timeout
Timeout applied during tunnel idle periods when no R_U_THERE_ACK has been received.
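The settings above can be checked before a tunnel is saved. The following is an added example, not part of the manual or the Vanguard firmware: it enforces the rule that Remote Subnet and Local Subnet must not overlap and flags the weaker of the listed options. The dictionary keys, the function names and the choice of which options count as weak are assumptions of this example.

```python
import ipaddress

# Constructed sample; the dict keys are hypothetical names for the fields on this page.
SAMPLE = {
    "remote_ip": "203.0.113.10",
    "remote_subnet": "192.168.1.0/24",
    "local_subnet": "Ethernet",
    "phase1": {"encryption": "AES-256", "authentication": "MD5", "dh_bits": 1024},
    "phase2": {"encryption": "3DES", "authentication": "SHA1"},
    "pfs": False,
}

# Assumption of this example, not the manual: of the options the page lists,
# these are treated as weak. SHA1 is not flagged because MD5 is the only alternative.
WEAK = {"encryption": {"3DES"}, "authentication": {"MD5"}, "dh_bits": {768, 1024}}


def _net(value, when_none=None, ethernet=None):
    """Turn a subnet field ('None', 'Ethernet' or 'address/mask') into a network."""
    chosen = {"None": when_none, "Ethernet": ethernet}.get(value, value)
    return ipaddress.ip_network(chosen, strict=False) if chosen else None


def audit_tunnel(cfg, lan_subnet):
    """Return a list of findings for one tunnel configuration dict."""
    findings = []
    # Assumption: with Remote Subnet = None the only remote destination is the
    # Remote IP Address itself, so it is compared as a single-host network.
    remote = _net(cfg["remote_subnet"], when_none=cfg["remote_ip"])
    # With Local Subnet = None there is no local network to compare against.
    local = _net(cfg["local_subnet"], ethernet=lan_subnet)
    if remote and local and remote.overlaps(local):
        findings.append(f"overlap: local {local} and remote {remote}")
    for phase in ("phase1", "phase2"):
        for field, weak in WEAK.items():
            value = cfg[phase].get(field)
            if value in weak:
                findings.append(f"weak {phase} {field}: {value}")
    if not cfg.get("pfs"):
        findings.append("pfs disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_tunnel(SAMPLE, "192.168.1.50/24"):
        print(finding)
```

The second argument is the unit's LAN address and mask, which is only consulted when Local Subnet is set to Ethernet.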
Vanguard 3000 Series Multicarrier Cellular Data Modem & IP Router PN 001-7300-100 Rev. B