VPN advanced configuration
167
Configuration Guide
Variable definitions
The following table describes the variables and values for configuring VPN IP security.
Variable
Value
Policy Action
Select this check box to create a policy action.
Policy Name
Type the IPsec policy name. Each policy must have a unique name.
Existing Policies
Select an existing policy for the IPsec policy.
Interface Name
Select the name of the interface for which you want to apply the policy.
Policy Status
Select the status of the IPsec policy. Select one of the following:
•
INACTIVE - the policy is deleted from the interface.
•
ACTIVE - the policy is applied on the interface.
IPSec Gateway IP Address
Type the security remote endpoint address. All packets are secure up to
this destination.
Traffic Selector table
Local Address
Type the source IP address of the outbound traffic.
Local Address Mask
Type the Network mask of the outbound traffic.
Remote Address
Type the destination IP address of the outbound traffic.
Remote Address Mask
Type the destination mask of the outbound traffic.
Protocol
Select the required traffic protocol for the source and destination address.
Select one of the following options:
•
Any
•
TCP
•
UDP
•
ICMPv4
•
AH
•
ESP
When you select a protocol and apply the IPSec policy, the policy is
applied on the selected protocol packets only. For example, if you select
ICMPv4, when you ping from one host to another, only ICMP packets are
authenticated.
IPSec SA table
IPSec Mode
Select the IPSec mode.
If you select Tunnel, IPSec encrypts the IP header and the payload.
If you select Transport, IPSec encrypts only the payload.
Protocol
Select the authentication protocol.
If you select
ESP, IPSec encrypts and authenticates.
If you select AH, IPSec authenticates only.
IPSec Authentication
Select the IPSec authentication method. Select one of the following:
•
HMAC-MAC5 - the message authentication code is calculated using
the MD5 cryptographic hash function. This cryptographic hash function
has some additional security properties with a 128-bit hash value,
which is commonly used to check the integrity of files.
•
HMAC-SHA1 - the message authentication code is calculated using
the SHA1 algorithm. This cryptographic hash function computes a
condensed digital representation to a high degree of probability.
Содержание BSG12aw 1.0
Страница 14: ...14 Introduction NN47928 500 NN47928 500 ...
Страница 22: ...22 WAN configuration NN47928 500 NN47928 500 ...
Страница 54: ...54 SIP configuration NN47928 500 NN47928 500 ...
Страница 80: ...80 QoS configuration NN47928 500 NN47928 500 ...
Страница 82: ...82 Advanced configuration NN47928 500 NN47928 500 ...
Страница 110: ...110 LAN advanced configuration NN47928 500 NN47928 500 ...
Страница 144: ...144 IP routing advanced configuration NN47928 500 NN47928 500 ...
Страница 152: ...152 DHCP advanced configuration NN47928 500 NN47928 500 ...
Страница 164: ...164 QoS advanced configuration NN47928 500 NN47928 500 ...
Страница 176: ...176 VPN advanced configuration NN47928 500 NN47928 500 ...
Страница 200: ...200 Port management advanced configuration NN47928 500 NN47928 500 ...