IPsec

IPSec VPN


IPSec facilitates configuration of secured communication tunnels. The various tunnel configurations are displayed in the Tunnel Table at the bottom of the page. All tunnels are created using the ESP (Encapsulating Security Payload) protocol.

Status


Field

Description
  • Enable
Displays whether the current IPSec setting is enabled or disabled.
  • Description
Displays the description of the current VPN channel.
  • Status
Displays the current VPN connection status.
  • Uptime
Displays the time elapsed since the VPN connection was established.

 

 

General Settings


Field

Description
  • Enable
Selecting Enable launches the IPSec process.
  • Description
Enter a description for this IPSec VPN tunnel.
  • Remote Gateway
Enter the IP address of the remote endpoint of the tunnel.
  • IKE Version
Select the Internet Key Exchange version: “IKEv1” or “IKEv2”.
  • Connection Type

Select from “Tunnel” or “Transport”.

Tunnel: In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for network-to-network communications.

Transport: In transport mode, only the payload of the IP packet is usually encrypted or authenticated. The routing is intact, since the IP header is neither modified nor encrypted.

  • Negotiation Mode
Select from “Main” or “Aggressive”.
  • Authentication Method
Select from “Pre-shared Key” or “Pre-shared Key and Xauth”.
  • Local Subnet

Enter the IP address with mask if a network beyond the local LAN will be sending packets through the tunnel. Separate multiple subnets with commas.

NOTE: The Remote subnet and Local subnet addresses must not overlap!

  • Local Pre-shared Key
Enter the pre-shared key, which must match the key configured on the remote endpoint.
  • Local ID Type
Select from “IPv4 Address”, “FQDN”, “User-FQDN” for authentication with the remote endpoint.
  • Local ID
The content of Local ID must match the selected “Local ID Type”.
  • Xauth Identity
Enter the Xauth identity when “Pre-shared Key and Xauth” is selected as the Authentication Method.
  • Xauth Password
Enter the Xauth password when “Pre-shared Key and Xauth” is selected as the Authentication Method.
  • Remote Subnet

Enter an IP address with mask if encrypted packets are also destined for the specified network that is beyond the Remote IP Address. Separate multiple subnets with commas.

NOTE: The Remote subnet and Local subnet addresses must not overlap!

  • Remote ID Type
Select from “IPv4 Address”, “FQDN”, “User-FQDN” for authentication with the remote endpoint.
  • Remote ID
The content of Remote ID must match the selected “Remote ID Type”.

IKE/ESP/Advanced Settings


Field

Description
  • Encryption Algorithm (IKE)
Select 3DES, AES-128, AES-192, or AES-256 encryption.
  • Hash Algorithm (IKE)
Select from MD5, SHA1, SHA2 256, SHA2 384 or SHA2 512 hashing.
  • Diffie-Hellman Group (IKE)
Negotiate (None) or use 768 (Group 1), 1024 (Group 2), 1536 (Group 5) or 2048 (Group 14) etc.
  • Lifetime (IKE)
How long the keying channel of a connection should last before being renegotiated.
  • Encryption Algorithm (ESP)
Select 3DES, AES-128, AES-192, or AES-256 encryption.
  • Hash Algorithm (ESP)
Select from MD5, SHA1, SHA2 256, SHA2 384 or SHA2 512 hashing.
  • Diffie-Hellman Group (ESP)
Negotiate (None) or use 768 (Group 1), 1024 (Group 2), 1536 (Group 5) or 2048 (Group 14) etc.
  • Lifetime (ESP)
How long a particular instance of a connection should last, from successful negotiation to expiry.
  • DPD Interval
Enter the interval after which DPD is triggered if no IPsec-protected packet is received from the peer.
  • DPD Timeout
Enter the remote peer probe response timer.
  • Additional Configurations
Enter additional IPSec options in this field. Separate expressions with ‘;’.
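A pre-deployment check for the rules stated in the tables above, written as an added example (not vendor code): it verifies that local and remote subnets do not overlap and that each ID has the shape of its ID type, then flags Aggressive mode, which with a pre-shared key exposes the handshake hash to offline guessing, and older algorithm choices. The dictionary keys are hypothetical names for the form fields, the "legacy" classification is this example's assumption, and only IPv4 subnets are handled.

```python
import ipaddress
import re

# Older choices among the form's options; this classification is the example's assumption.
LEGACY = {"encryption": {"3DES"}, "hash": {"MD5", "SHA1"}, "dh_bits": {768, 1024}}
FQDN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")

def parse_subnets(field):
    """Split a comma-separated subnet field into IPv4 networks."""
    return [ipaddress.IPv4Network(s.strip(), strict=False)
            for s in field.split(",") if s.strip()]

def id_matches_type(id_type, value):
    """Check that an ID value has the shape its ID type implies."""
    if id_type == "IPv4 Address":
        try:
            ipaddress.IPv4Address(value)
            return True
        except ValueError:
            return False
    user, sep, host = value.rpartition("@")
    if id_type == "FQDN":
        return not sep and bool(FQDN_RE.match(host))
    return id_type == "User-FQDN" and bool(user and sep and FQDN_RE.match(host))

def lint_tunnel(cfg):
    """Return findings for one tunnel; cfg keys are hypothetical names for the form fields."""
    local, remote = parse_subnets(cfg["local_subnet"]), parse_subnets(cfg["remote_subnet"])
    findings = [f"subnet overlap: {loc} / {rem}"
                for loc in local for rem in remote if loc.overlaps(rem)]
    for side in ("local", "remote"):
        if not id_matches_type(cfg[side + "_id_type"], cfg[side + "_id"]):
            findings.append(f"{side} ID does not match {side} ID type")
    if cfg["negotiation_mode"] == "Aggressive":
        findings.append("aggressive mode with a pre-shared key")
    for phase in ("ike", "esp"):
        for field, legacy in LEGACY.items():
            if (value := cfg[f"{phase}_{field}"]) in legacy:
                findings.append(f"{phase}: legacy {field} {value}")
    return findings

# Constructed sample tunnel, not taken from a real device.
SAMPLE = {
    "local_subnet": "192.168.1.0/24, 10.10.0.0/16", "remote_subnet": "10.10.5.0/24",
    "local_id_type": "FQDN", "local_id": "gw-a.example.com",
    "remote_id_type": "User-FQDN", "remote_id": "gw-b.example.com",
    "negotiation_mode": "Aggressive", "ike_encryption": "AES-256", "ike_hash": "SHA2 256",
    "ike_dh_bits": 2048, "esp_encryption": "3DES", "esp_hash": "MD5", "esp_dh_bits": None,
}
```

Calling `lint_tunnel(SAMPLE)` returns one line per problem, so an empty list means the tunnel definition passed every check.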
