Billion BiGuard VPN Client
Chapter 4: VPN Configuration
21
~
Aggressive Mode:
If checked, the VPN client will used aggressive mode as negotiation
mode with the remote router
.
~
IKE port:
Negotiation port for IKE. Default value is 500.
~
Redundant GW
:
This allows the VPN Client to open an IPSec tunnel with an alternate
gateway in case the primary gateway is down or not responding. Enter either the IP
address or the url of the Redundant Gateway (e.g. router.dyndns.com).
BiGuard VPN Client will contact the primary gateway to establish a tunnel. If it fails after
several tries (default is 5 tries, configurable in "Parameters" panel then modify
"Retransmissions" field to modify this default value) the Redundant Gateway is used as the
new tunnel endpoint. Delay between two retries is about 10 seconds.
In case primary gateway can be reached but tunnel establishment fails (e.g. VPN
configuration problems) then the VPN Client won't try to establish tunnels with the
redundant gateway. Configurations need modifications.
If a tunnel is successfully established to the primary gateway with DPD feature (i.e. Dead
Peer Detection) negotiated on both sides, when the primary gateway stops responding (e.g.
DPD detects non-responding remote gateways) the VPN Client immediately starts opening
a new tunnel with the redundant gateway.
The exact same behaviour will apply to the redundant gateway. This means that the VPN
Client will try to open primary and redundant gateway until the user exits software or click
on “Save & Apply”.
X-Auth:
Define the login and password of an X-Auth IPSec negotiation. If "X-Auth popup" is
selected, a popup window asking for a login and a password will appear each time an
authentication is required to open a tunnel with the remote gateway. The end user has 20
seconds to enter its login and password before X-Auth authentication fails.
If X-Auth authentication fails then the tunnel establishment will fail too.
(Please see the “Appendix A” – the Compatible table of Billion VPN enabled devices and
BiGuard VPN Client).
Local and Remote ID
~
Local ID:
Local ID is the identity the BiGuard VPN client is sending during Phase 1 to
VPN gateway.
This identity can be: an IP address (type = IP address), for example: 195.100.205.101
an domaine name (type = DNS);
an email address (type = Email);
a string (type = KEY ID);
a certificate issuer (type=DER ASN1 DN) (About X509 certificates,
please see Appendix A).
If this identity is not set, VPN client’s IP address is used.
~
Remote ID
: Remote ID is the identity the BiGuard VPN client is expecting to receive
during Phase 1 from the VPN gateway.
This identity can be: an IP address (type = IP address);
an domaine name (type = DNS);
an email address (type = Email);
a string (type = KEY ID);
a certificate issuer (type=DER ASN1 DN) (About X509 certificates,
please see Appendix A).