72
VPN configuration
If
ID_FQDN
or
ID_USER_FQDN
(fully qualified domain name) is selected, enter the
name for the
Remote Party ID
in the text box next to the list. For example, an FQDN
name could be “mycompany.com”, and a user FQDN could be a mail address, such as
“[email protected].” This name must be unique for each connection rule that you
create.
•
Remote Network Address
: Enter the IPv4 address of the remote network.
•
Remote Subnet Mask
: Enter the subnet mask for the remote network.
Local Secure Group
•
Local Party ID
: Enter the identifier of the local secure group.
•
Network Address
: The network address of the local secure group is usually the network
address of the local network.
•
Subnet Mask
: Enter the subnet mask for the local network.
Phase I IKE Parameters
•
Key Management
: Select either
IKE Main Mode
or
IKE Aggressive Mode
as the
Internet Key Exchange (IKE) method. Note that the Main Mode is more secure but slower,
and Aggressive Mode is less secure but faster.
•
Hash Algorithm
: Select either
MD5
or
SHA1
as the algorithm to use for IPSec
authentication.
•
Encrypt Algorithm
: Select an encryption algorithm from the list. Both authentication and
encryption algorithms must be the same on the router and remote host.
•
Key lifetime
: Sets a time for the keys to be valid, after which they are renewed.
•
Diffie-Hellman Group
: Select one of the groups to use for the Diffie-Hellman key
exchange.
•
Pre-shared Key
: Enter the same key on the router and the remote VPN gateway or
client. (Do not use characters ` " & ' # \)
Phase II IPSec Parameters
•
Authentication Algorithm
: Select either
MD5
or
SHA1
as the algorithm to use for
IPSec authentication.
•
Encrypt Algorithm
: Select an encryption algorithm from the list. Both authentication and
encryption algorithms must be the same on the router and remote host.
•
Key lifetime
: Sets a time for the keys to be valid, after which they are renewed.
•
PFS
: Select for Perfect Forward Secrecy (PFS). The Diffie-Hellman Group options then
become available. The use of PFS is optional, enabling PFS adds another layer of
encryption security.
•
Diffie-Hellman Group
: Select one of the groups to use for the Diffie-Hellman key
exchange.
•
IKE Keep Alive
: Enables the router to send IKE keep-alive packets so that the VPN
connection remains open even when there is no activity.
Содержание PS110
Страница 6: ...6 ...
Страница 10: ...10 Deploying the HP PS110 ...
Страница 32: ...32 Managing the HP PS110 system ...
Страница 48: ...48 LAN configuration ...
Страница 76: ...76 VPN configuration ...
Страница 84: ...84 Routing configuration ...
Страница 94: ...94 Firewall configuration ...
Страница 126: ...126 Tools ...
Страница 130: ...130 ...