Quadro4Li Manual II: Administrator's Guide
Administrator’s Menus
Quadro4Li; (SW Version 5.2.x)
A key is used to encrypt and decrypt the data transmitted via the IPSec connection. RSA, as used by Quadro, is an asymmetric key system. It has to be available on both sides of the IPSec connection and will generate a different pair of keys on each side: a private key and a public key. During the connection establishment, some data is encrypted with the remote party’s public key. The remote party can decrypt that data with their private key, and the data encrypted there with Quadro’s public key can be decrypted with Quadro’s private key. Since the private key is never transmitted, it stays completely unknown to everyone, and thus the system remains safe. Even if someone gets the public key, decryption is not possible without the private key. Quadro generates such a pair of keys automatically when it is set up. The user cannot see the private key, but must know the public key because their IPSec connection partner will need it.
Please Note: A pair of keys will always be generated, a public one and a private one. The previously generated pair of keys will become invalid, as will all existing IPSec connections that use RSA keying.
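The exchange described above, and the effect of regenerating the key pair, as an added example (not code from the Quadro firmware or this manual). It uses textbook RSA with small constructed primes and no padding, only to show the mechanics; all function names and values are assumptions for illustration.

```python
from math import gcd

# Toy RSA: constructed small primes, no padding. Illustration only.

def make_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent, never leaves the device
    return (n, e), (n, d)

def encrypt(public_key, m):
    """Encrypt integer m with the recipient's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private_key, c):
    """Decrypt ciphertext c with the recipient's own private key."""
    n, d = private_key
    return pow(c, d, n)

def demo():
    # Each side generates its own pair and hands out only the public half.
    quadro_pub, quadro_priv = make_keypair(1000003, 1000033)
    peer_pub, peer_priv = make_keypair(1000037, 1000039)
    secret = 424242              # constructed sample value

    # Quadro -> peer: encrypted with the peer's public key.
    to_peer_ok = decrypt(peer_priv, encrypt(peer_pub, secret)) == secret
    # Peer -> Quadro: encrypted with Quadro's public key.
    to_quadro_ok = decrypt(quadro_priv, encrypt(quadro_pub, secret)) == secret

    # Quadro regenerates its pair; the peer still holds the old public key.
    new_pub, new_priv = make_keypair(1000081, 1000099)
    stale_ok = decrypt(new_priv, encrypt(quadro_pub, secret)) == secret
    # After the peer receives the new public key, the exchange works again.
    fresh_ok = decrypt(new_priv, encrypt(new_pub, secret)) == secret
    return to_peer_ok, to_quadro_ok, stale_ok, fresh_ok

if __name__ == "__main__":
    print(demo())
```

The third result is the reason existing RSA-keyed connections stop working after regeneration: the new public key has to reach every peer before those connections can be re-established.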
The IPSec Configuration link refers to the IPSec Connection Settings page. This page provides an overview of all existing IPSec connections characterized by their Connection Name, the Remote Gateway (the IP address or the hostname of the IPSec connection partner), the State of the IPSec connection (Stopped, Connecting, Activated, Waiting or Connected) and the dedicated Keying Type (the encryption type). The content of the table can be sorted in ascending or descending order by clicking on the header of the respective column. There is a checkbox for every IPSec connection to select it for further editing.
Start activates the connection establishment of the selected IPSec connection. The State of the IPSec connection will change into “Connected” or “Activated” depending on the IPSec connection type. If no record is selected, the error message “One Record should be selected” appears.
Attention: It is not recommended to simultaneously start a static and a dynamic connection configured to use the same secret key. A dynamic connection may capture the static connection peer and vice versa, depending on which connection is established first.
Stop disconnects the selected IPSec connection. The state of the IPSec connection will change into “Stopped”. If no record is selected, the error message “One Record should be selected” will appear. More than one record may be selected at a time to be stopped.
Fig. II-161: IPSec Connection Settings page
Add leads to the Add IPSec Connection wizard where a new IPSec connection can be defined and specified. The wizard provides several pages.
Edit leads to a set of IPSec Connection Properties pages to modify the parameters of the selected IPSec connection. The page includes the same components as the Add IPSec Connection page. To operate with Edit, only one record may be selected, otherwise an error message “One row must be selected” appears.
Restart all Connections restarts all active IPSec connections. The State of these IPSec connections will turn into Connected or Activated if the restart procedure has been successfully completed.
RSA Key Management leads to the RSA Key Management page to see the current RSA key, to generate a new one and to send it to the peer via e-mail.
The first IPSec Connection Wizard page, Add IPSec Connection, has the Connection Name text field, which requires a new mandatory IPSec connection name. If the text field is not filled in, the error message “Error: Incorrect connection name” will appear.
Please Note: The input in the Connection Name field should only be in Latin characters, otherwise an error occurs and the IPSec connection cannot be created.
The Peer type drop down list is used to choose the remote machine type for the IPSec Connection to be established. If the list does not include the required type of machine, choose Other.
The VPN Network Topology drop down list allows you to select the location of the peers participating in the VPN connection. The following options are present in the list:
• Quadro<>Peer – direct connection between Quadro and a peer.
• Quadro<>[Internet]<>Peer – connection between Quadro and peer over Internet.
• Quadro<>NAT<>[Internet]<>Peer – connection between Quadro and peer over Internet through Quadro provider’s NAT.
• Quadro<>[Internet]<>NAT<>Peer – connection between Quadro and peer over Internet through peer provider’s NAT.
Fig. II-162: IPSec Connection Wizard - Add IPSec Connection
The second page of the IPSec Connection Wizard, IPSec Connection Properties, serves to specify the members of the IPSec Connection and to set the basic parameters for encryption.