VPN
79
These settings must match the remote VPN. Note that you cannot use both AH and
ESP.
Manually assigned Keys
AH Authentication
AH (Authentication Header) specifies the authentication
protocol for the VPN header, if used. (AH is often NOT used)
If AH is not enabled, the following settings can be ignored.
Keys
•
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on
the remote VPN.
•
Keys can be in ASCII or Hex (0..9 A..F)
•
For MD5, the keys should be 32 hex/16 ASCII characters.
•
For SHA-1, the keys should be 40 hex/20 ASCII charac-
ters.
SPI
•
Each SPI (Security Parameter Index) must be unique.
•
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on
the remote VPN.
•
Each SPI should be at least 3 characters.
ESP Encryption
ESP (Encapsulating Security Payload) provides security for
the payload (data) sent through the VPN tunnel. Generally,
you will want to enable both Encryption and Authentication.
•
The "3DES" algorithm provides greater security than
"DES", but is slower.
•
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on
the remote VPN.
ESP Authentica-
tion
Generally, you should enable ESP Authentication. There is
little difference between the available algorithms. Just ensure
each endpoint use the same setting.
•
The "in" key here must match the "out" key on the remote
VPN, and the "out" key here must match the "in" key on
the remote VPN.
•
Keys can be in ASCII or Hex (0..9 A..F)
•
For MD5, the keys should be 32 hex/16 ASCII characters.
•
For SHA-1, the keys should be 40 hex/20 ASCII charac-
ters.
ESP SPI
This is required if either ESP Encryption or ESP Authen-
tication is enabled.
•
Each SPI (Security Parameter Index) must be unique.
•
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on
the remote VPN.
•
Each SPI should be at least 3 characters.