ADE-4300/ADW-4300 User Guide
IKE
Direction
This setting is used when determining if the IKE policy
matches the current traffic. Select the desired option.
•
Responder only - Incoming connections are allowed, but
outgoing connections will be blocked.
•
Initiator and Responder - Both incoming and outgoing
connections are allowed.
Exchange Mode
IPSec has 2 possibilities - "Main Mode" and "Aggressive
Mode".
Currently, only "Main Mode" is supported. Ensure the remote
VPN endpoint is set to use "Main Mode".
Diffie-Hellman
(DH) Group
The Diffie-Hellman algorithm is used when exchanging keys.
The DH Group setting determines the number of bit size
used in the exchange. This value must match the value used
on the remote VPN Gateway.
Local Identity
Type
Select the desired option to match the "Remote Identity
Type" setting on the remote VPN endpoint.
•
WAN IP Address - your Internet IP address.
•
Fully Qualified Domain Name - your domain name.
•
Fully Qualified User Name - your name, E-mail address,
or other ID.
Remote Identity
Type
Select the desired option to match the "Local Identity Type"
setting on the remote VPN endpoint.
•
IP Address - The Internet IP address of the remote VPN
endpoint.
•
Fully Qualified Domain Name - the Domain name of the
remote VPN endpoint.
•
Fully Qualified User Name - the name, E-mail address, or
other ID of the remote VPN endpoint.
Remote Identity
Data
Enter the data for the selection above. (If "IP Address" is
selected, no input is required.)
SA Parameters
Encryption
Encryption Algorithm used for both IKE and IPSec. This
setting must match the setting used on the remote VPN
Gateway.
Authentication
Authentication Algorithm used for both IKE and IPSec. This
setting must match the setting used on the remote VPN
Gateway.
Pre-shared Key
The key must be entered both here and on the remote VPN
Gateway. This method does not require using a CA (Certifi-
cate Authority).
SA Life Time
This determines the time interval before the SA (Security
Association) expires. (It will automatically be re-established if
necessary.) While using a short time period (or data amount)
increases security, it also degrades performance. It is com-
mon to use periods over an hour (3600 seconds) for the SA
Life Time. This setting applies to both IKE and IPSec SAs.
82
Содержание ADE-4300A
Страница 1: ...ADSL 2 2 VPN Firewall Router ADE 4300A B ADW 4300A B User s Manual...
Страница 57: ...ADE 4300 ADW 4300 User Guide 52...
Страница 60: ...Operation and Status 55...