Configuration – VEGA LUCOM EDGE router ER75i v2 SL USER’S GUIDE User Manual

6.13. IPSec Tunnel Configuration

The IPsec tunnel configuration is opened through the IPsec item in the menu. An IPsec tunnel provides a protected connection between two LANs so that they appear as one homogeneous network. The IPsec Tunnels Configuration window contains four rows, one for each configured IPsec tunnel. The Create column switches tunnels on; the other columns show the values set in the IPsec Tunnel Configuration window. A tunnel is configured through the Edit button.

In the IPsec Tunnel Configuration window it is possible to define the tunnel name (Description), the IP address of the remote side of the tunnel (Remote IP Address), the identification or domain name of the remote side (Remote ID), the address of the network behind the remote side (Remote Subnet), the mask of the network behind the remote side (Remote Subnet Mask), the identification of the local side (Local ID), the local subnet address (Local Subnet), the local network mask (Local Subnet Mask), the key shared by both sides of the tunnel (Pre shared Key), the lifetime of the keys (Key Lifetime) and the lifetime of the IKE SA (IKE Lifetime).

Rekey Margin specifies how long before connection expiry the attempt to negotiate a replacement should begin. Rekey Fuzz specifies the maximum percentage by which Rekey Margin is randomly increased to randomize re-keying intervals. The DPD Delay parameter defines the time after which the IPsec tunnel is verified, and the DPD Timeout parameter sets the timeout for the answer. If address translation is used between the two end points of the IPsec tunnel, NAT Traversal must be allowed (Enabled). If the Aggressive mode parameter is enabled, the IPsec tunnel is established faster, but encryption is permanently set to 3DES-MD5.

Authentication is selected with the Authenticate mode parameter; the choices are Pre-shared key or X.509 Certificate. The Pre-shared Key parameter sets the key shared by both sides of the tunnel. For authentication by X.509 certificate it is necessary to enter the certificates CA Certificate, Remote Certificate and Local Certificate, the private key Local Private Key and the Local Passphrase. The certificates and private keys have to be in PEM format. Only a certificate that has the certificate start and stop tags can be used. The ID parameters consist of two parts: hostname and domain-name. Items that can be left blank are used for exact identification of the IPsec tunnel. The Extra Options parameter can be used to define additional parameters of the IPsec tunnel, for example security parameters.

The changes in settings will apply after pressing the Apply button.
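The following check is an added example, not part of the original manual or the router's software. It works through the Rekey Margin and Rekey Fuzz arithmetic described above, applied to Key Lifetime, and verifies the PEM start and stop tags of the certificate fields before the values are entered. The dictionary keys are hypothetical names mirroring the form fields, times are assumed to be in seconds, and all sample values are constructed.

```python
import base64
import re

# A certificate field must hold one block with both the start and the stop tag.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----")

def is_pem_certificate(text):
    """True if text is a single PEM certificate block with a base64 body."""
    m = CERT_RE.fullmatch(text.strip())
    if not m:
        return False
    try:
        return len(base64.b64decode("".join(m.group(1).split()), validate=True)) > 0
    except ValueError:  # bad padding or stray characters in the body
        return False

def rekey_window(lifetime, margin, fuzz_pct):
    """(earliest, latest) time after setup at which renegotiation may start."""
    # Rekey Fuzz raises Rekey Margin by at most fuzz_pct percent.
    largest_margin = margin * (100 + fuzz_pct) // 100
    return lifetime - largest_margin, lifetime - margin

def lint_tunnel(cfg):
    """Return findings for one tunnel; the cfg keys are hypothetical names."""
    findings = []
    earliest, _ = rekey_window(cfg["key_lifetime"], cfg["rekey_margin"], cfg["rekey_fuzz"])
    if earliest <= 0:
        findings.append("rekey margin plus fuzz can reach the key lifetime")
    if cfg["aggressive_mode"]:
        findings.append("aggressive mode fixes encryption to 3DES-MD5")
    if cfg["auth_mode"] == "x509":
        for field in ("ca_cert", "remote_cert", "local_cert"):
            if not is_pem_certificate(cfg.get(field, "")):
                findings.append(field + " is not a well-formed PEM certificate")
    return findings

# Constructed sample: the body is placeholder bytes, not a real certificate.
SAMPLE_CERT = ("-----BEGIN CERTIFICATE-----\n"
               + base64.b64encode(b"constructed placeholder, not real DER").decode()
               + "\n-----END CERTIFICATE-----\n")
SAMPLE = {"key_lifetime": 3600, "rekey_margin": 540, "rekey_fuzz": 100,
          "aggressive_mode": True, "auth_mode": "x509",
          "ca_cert": SAMPLE_CERT, "remote_cert": SAMPLE_CERT,
          "local_cert": SAMPLE_CERT.replace("-----END CERTIFICATE-----", "")}

if __name__ == "__main__":
    print(rekey_window(3600, 540, 100))
    for finding in lint_tunnel(SAMPLE):
        print("finding:", finding)
```

With the sample values, renegotiation starts between 2520 and 3060 seconds after the tunnel comes up, and the check reports the aggressive-mode setting and the local certificate whose stop tag is missing.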

LUCOM GmbH * Ansbacher Str. 2a * 90513 Zirndorf * Tel. 09127/59 460-10 * Fax. 09127/59 460-20 * www.lucom.de