6: Network Settings
SGX 5150 IoT Device Gateway User Guide
Interface
Select the interface used to connect to the VPN Gateway.
any
eth0
usb0
wlan0
Remote Network
Endpoint
Enter the remote VPN Gateway’s IP Address.
Subnet
Enter the subnet behind the VPN Gateway.
ID
Enter the identifier expected from the remote host during Phase 1
negotiation.
Router/Next Hop
Enter the next-hop gateway IP address for the VPN Gateway.
Local Network
Subnet
Enter the subnet that the local devices have access to, or that can be
accessed from the VPN connection.
ID
Enter the identifier sent to the remote host during Phase 1 negotiation.
Router/Next Hop
Enter the next-hop gateway IP address for this connection to the public
network.
Key Management
Perfect Forward Secrecy (PFS)
Select to enable or disable Perfect Forward Secrecy. Enabling this
feature requires IKE to generate a new set of keys in Phase 2 rather than
using the same key generated in Phase 1.
Pre-shared Key (PSK)
Enter the Pre-Shared Key used in the IPsec setting between the Local and
VPN Gateways.
ISAKMP Phase 1 (IKE)
Aggressive Mode
Select to enable or disable Aggressive Mode. In Aggressive Mode, IKE tries
to combine as much information as possible into fewer packets while
maintaining security. Aggressive Mode is slightly faster but less secure.
NAT Traversal
Select to enable or disable NAT Traversal. If there is an external NAT device
between VPN tunnels, the user must enable NAT Traversal.
Encryption
Select the encryption algorithm used in key exchange from the drop-down menu.
Authentication
Select the hash algorithm used in key exchange from the drop-down menu.
DH Group
Select the Diffie-Hellman (DH) groups (the Key Exchange group between the
Remote and VPN Gateways) from the drop-down menu.
IKE Lifetime
Enter the number of hours for the IKE SA lifetime.
ISAKMP Phase 2 (ESP)
Encryption
Select the encryption algorithm used in data exchange from the drop-down menu.
Authentication
Select the hash algorithm used in data exchange from the drop-down menu.
DH Group
Select the Diffie-Hellman (DH) groups (the Key Exchange group between the
Remote and VPN Gateways) for Phase 2 from the drop-down menu.
SA Lifetime
Enter the number of hours for the SA lifetime in Phase 2.
Unreachable Host Detection
Host
Enter the host on the remote network that unreachable host detection
monitors to check connectivity.
VPN Setting
Description
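One way to review a profile built from the settings in this table before deploying it, shown as an added example that is not taken from this guide or from the device. The dictionary keys, the algorithm names, the DH group numbers and the `MIN_PSK_LEN` threshold are assumptions chosen for illustration; the drop-down values on the device may differ.

```python
# Added example: keys mirror the guide's field labels; values are assumptions.
LEGACY_ENC = {"des", "3des"}     # assumed drop-down names
LEGACY_HASH = {"md5", "sha1"}    # assumed drop-down names
WEAK_DH = {1, 2, 5}              # MODP groups of 768, 1024 and 1536 bits
MIN_PSK_LEN = 20                 # assumed local policy, not from the guide


def audit(cfg):
    """Return sorted finding codes for one VPN profile dict."""
    found = set()
    if cfg["aggressive_mode"]:
        # IKEv1 Aggressive Mode sends a PSK-derived hash before encryption
        # starts, so a captured handshake allows offline guessing of the PSK.
        found.add("AGGRESSIVE_MODE_WITH_PSK")
    if len(cfg["psk"]) < MIN_PSK_LEN:
        found.add("SHORT_PSK")
    if not cfg["pfs"]:
        # Phase 2 keys then depend on Phase 1 key material.
        found.add("PFS_DISABLED")
    for phase in ("phase1", "phase2"):
        p, tag = cfg[phase], phase.upper()
        if p["encryption"].lower() in LEGACY_ENC:
            found.add(tag + "_LEGACY_ENCRYPTION")
        if p["authentication"].lower() in LEGACY_HASH:
            found.add(tag + "_LEGACY_HASH")
        # The Phase 2 DH group is only used when PFS is enabled.
        if p["dh_group"] in WEAK_DH and (phase == "phase1" or cfg["pfs"]):
            found.add(tag + "_WEAK_DH_GROUP")
    return sorted(found)


# Constructed sample profiles (not device exports).
WEAK = {
    "aggressive_mode": True, "psk": "changeme", "pfs": False,
    "phase1": {"encryption": "3des", "authentication": "md5", "dh_group": 2},
    "phase2": {"encryption": "aes128", "authentication": "sha1", "dh_group": 2},
}
HARDENED = {
    "aggressive_mode": False, "psk": "constructed-sample-psk-9f3c1a7e52", "pfs": True,
    "phase1": {"encryption": "aes256", "authentication": "sha256", "dh_group": 14},
    "phase2": {"encryption": "aes256", "authentication": "sha256", "dh_group": 14},
}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(profile) or "no findings")
```

In the weak profile the Phase 2 DH group is not reported because PFS is off, so that group is never used; the `PFS_DISABLED` finding covers it.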