How To establish an IPSec VPN tunnel with LB-2 VPN
Property of HotBrick — 2005
13
AutoKey (IKE)
There are 2 types of operation modes can be used:
Main Mode
accomplishes a phase 1 IKE exchange by establishing a secure channel.
Aggressive Mode
is another way of accomplishing a phase 1 exchange. It is faster and simpler than
main mode, but does not provide identity protection for the negotiating nodes.
Perfect Forward Secrecy (PFS)
If PFS is enabled, IKE phase 2 negotiation will generate a new key Material for IP traffic encryption &
authentication.
Preshared Key
This field is to authenticate the remote IKE peer.
Key Lifetime
This specifies the lifetime of the IKE generated Key. If the time expires or data is passed
over this volume, a new key will be renegotiated. By default, 0 is set for no limit.
Options
NetBIOS Broadcast
This is used to forward NetBIOS broadcast across the Internet.
Keep Alive
This is to help maintain the IPSec connection tunnel. It can be reestablished immediately if a
connection is dropped.
Anti Replay
This mechanism works by keeping track of the sequence numbers in packets as they arrive.
Passive Mode
When enabled, your PC establishes the data connection.
Check ESP Pad
When checked, this will enable ESP (Encapsulating Security Payload) padding.
Allow Full ECN
Enable will allow full Explicit Congestion Notification (ECN). ECN is a standard proposed by the IETF
that will minimize congestion on a network and the gateway dropping packets.
Copy DF Flag
When an IP packet is encapsulated as payload inside another IP packet, some of the outer header
fields can be newly written and others are determined by the inner header. Among these fields is the
IP DF (Do Not Fragment) flag. When the inner packet DF flag is clear, the outer packet may copy it
or set it. However, when the inner DF flag is set, the outer header MUST copy it.
Set DF Flag
If the DF (Do Not Fragment) flag is set, it means the fragmentation of this packet at the IP level is not
permitted.