CONFIGURATION
4.13. IPsec Tunnel Configuration
The IPsec tunnel configuration is opened by selecting the IPsec item in the menu. An IPsec
tunnel provides a protected connection between two LAN networks so that they appear as one
homogeneous network. The IPsec Tunnels Configuration window contains four rows, one for each
configured IPsec tunnel. The Create column switches tunnels on; the other columns show the
values set in the IPsec Tunnel Configuration windows. The configuration is changed with
the Edit button.
In the IPsec Tunnel Configuration windows it is possible to define the tunnel name
(Description), the IP address or domain name of the remote side of the tunnel (Remote IP
Address), the identification of the remote side of the tunnel (Remote ID), the address of the
network behind the remote side of the tunnel (Remote Subnet), the mask of the network behind
the remote side of the tunnel (Remote Subnet Mask), the identification of the local side
(Local ID), the local subnet address (Local Subnet), the local network mask (Local Subnet
Mask), the key shared by both sides of the tunnel (Pre-shared Key), the lifetime of the keys
(Key Lifetime) and the lifetime of the IKE SA (IKE Lifetime). Rekey Margin specifies how long
before connection expiry the attempt to negotiate a replacement should begin. Rekey Fuzz
specifies the maximum percentage by which Rekey Margin should be randomly increased to
randomize re-keying intervals. The DPD Delay parameter defines the time after which the IPsec
tunnel is verified. The DPD Timeout parameter sets the timeout for the answer. If address
translation is used between the two end points of the IPsec tunnel, NAT Traversal must be
allowed (Enabled). If the Aggressive mode parameter is enabled, the IPsec tunnel is
established faster, but encryption is permanently set to 3DES-MD5. Authentication is set by
the Authenticate mode parameter; the options are Pre-shared key or X.509 Certificate. The
Pre-shared Key parameter sets the key shared by both sides of the tunnel. For authentication
by X.509 certificate it is necessary to enter the certificates CA Certificate, Remote
Certificate and Local Certificate, the private key Local Private Key and the Local
Passphrase. The certificates and private keys have to be in PEM format. Only a certificate
that has the certificate start and stop tags can be used. The ID parameters contain two
parts: hostname and domain-name. Items that can be left blank are used for exact
identification of the IPsec tunnel. With the Extra Options parameter it is possible to define
additional parameters of the IPsec tunnel, for example security parameters, etc.
The changes in settings will apply after pressing the Apply button.
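As an added example (not part of this manual or the router firmware), the following Python checks one tunnel row before it is entered: it computes the window in which rekeying starts from Key Lifetime, Rekey Margin and Rekey Fuzz, flags Aggressive mode because of the fixed 3DES-MD5 encryption, and verifies that the X.509 fields carry PEM start and stop tags. The dictionary keys are hypothetical names mirroring the form labels, and all sample values are constructed.

```python
import re

# Matches the PEM start and stop tags around a base64 body.
PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+[A-Za-z0-9+/=\s]+-----END \1-----")

def pem_kind(text):
    """Return the PEM label (e.g. 'CERTIFICATE'), or None if the tags are missing."""
    m = PEM.search(text or "")
    return m.group(1) if m else None

def rekey_window(lifetime_s, margin_s, fuzz_pct):
    """(earliest, latest) seconds after setup at which rekeying starts:
    the margin is randomly increased by 0..fuzz_pct percent."""
    max_margin = margin_s + margin_s * fuzz_pct // 100
    return lifetime_s - max_margin, lifetime_s - margin_s

def check_tunnel(cfg):
    """Return a list of findings for one tunnel row (keys are hypothetical)."""
    findings = []
    for name in ("key_lifetime", "ike_lifetime"):
        earliest, _ = rekey_window(cfg[name], cfg["rekey_margin"], cfg["rekey_fuzz"])
        if earliest <= 0:
            findings.append(f"{name}: rekey margin plus fuzz reaches the lifetime")
    if cfg.get("aggressive_mode"):
        findings.append("aggressive_mode: encryption fixed to 3DES-MD5")
    if cfg["authenticate_mode"] == "x509":
        for name in ("ca_certificate", "remote_certificate", "local_certificate"):
            if pem_kind(cfg.get(name)) != "CERTIFICATE":
                findings.append(f"{name}: missing PEM certificate start/stop tags")
        if not (pem_kind(cfg.get("local_private_key")) or "").endswith("PRIVATE KEY"):
            findings.append("local_private_key: not a PEM private key")
    elif not cfg.get("pre_shared_key"):
        findings.append("pre_shared_key: empty")
    return findings

# Constructed sample values, not taken from a real device.
FAKE_CERT = "-----BEGIN CERTIFICATE-----\nTUlJQ2Zha2U=\n-----END CERTIFICATE-----\n"
SAMPLE = {
    "key_lifetime": 3600, "ike_lifetime": 3600,
    "rekey_margin": 540, "rekey_fuzz": 100,
    "aggressive_mode": True, "authenticate_mode": "x509",
    "ca_certificate": FAKE_CERT, "remote_certificate": FAKE_CERT,
    "local_certificate": "TUlJQ2Zha2U=",  # body only, tags stripped
    "local_private_key": "",
}

if __name__ == "__main__":
    for finding in check_tunnel(SAMPLE):
        print(finding)
```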
LUCOM GmbH * Ansbacher Str. 2a * 90513 Zirndorf * Tel. 09127/59 460-10 * Fax. 09127/59 460-20 * www.lucom.de