beautypg.com

Motorola 2200 User Manual

Page 201

background image

201

Parameter Descriptions

The following tables describe SafeHarbour’s parameters that are used for an IPSec VPN tunnel configu-
ration:

Table 2: IPSec Configuration page parameters

Field

Description

Name

The Name parameter refers to the name of the configured tunnel. This is mainly used as
an identifier for the administrator. The Name parameter is an ASCII value and is limited
to 31 characters. The tunnel name does not need to match the peer gateway.

Peer External IP
Address

The Peer External IP Address is the public, or routable IP address of the remote gateway
or VPN ser ver you are establishing the tunnel with.

Encryption
Protocol

Encr yption protocol for the tunnel session.

Parameter values suppor ted include NONE or ESP.

Authentication
Protocol

Authentication Protocol for IP packet header. The three parameter values are None,
Encapsulating Security Payload (ESP) and Authentication Header (AH)

Key Management

The Key Management algorithm manages the exchange of security keys in the IPSec pro-
tocol architecture. SafeHarbour suppor ts the standard Internet Key Exchange (IKE)

Table 3: IPSec Tunnel Details page parameters

Field

Description

Name

The Name parameter refers to the name of the configured tunnel. This is mainly used as
an identifier for the administrator. The Name parameter is an ASCII value and is limited
to 31 characters. The tunnel name does not need to match the peer gateway.

Peer Internal
Network

The Peer Internal IP Network is the private, or Local Area Network (LAN) address of the
remote gateway or VPN Ser ver you are communicating with.

Peer Internal
Netmask

The Peer Internal IP Netmask is the subnet mask of the Peer Internal IP Network.

NAT enable

Turns NAT on or off for this tunnel.

PAT Address

If NAT is enabled, this field appears. You can specify a Por t Address Translation (PAT)
address or leave the default all-zeroes (if Xauth is enabled). If you leave the default. the
address will be requested from the remote router and dynamically applied to the Gate-
way.

Negotiation
Method

This parameter refers to the method used during the Phase I key exchange, or IKE pro-
cess. SafeHarbour suppor ts Main or Aggressive Mode. Main mode requires 3 two-way
message exchanges while Aggressive mode only requires 3 total message exchanges.

Local ID type

If Aggressive mode is selected as the Negotiation Method, this option appears. Selec-
tion options are: IP Address, Subnet, Hostname, ASCII

Local ID Address/
Value

If Aggressive mode is selected as the Negotiation Method, this field appears. This is the
local (Gateway-side) IP address (or Name Value, if Subnet or Hostname are selected as
the Local ID Type).

Local ID Mask

If Aggressive mode is selected as the Negotiation Method, and Subnet as the Local ID
Type, this field appears. This is the local (Gateway-side) subnet mask.

Remote ID Type

If Aggressive mode is selected as the Negotiation Method, this option appears. Selec-
tion options are: IP Address, Subnet, Hostname, ASCII.

Remote ID
Address/Value

If Aggressive mode is selected as the Negotiation Method, this field appears. This is the
remote (central-office-side) IP address (or Name Value, if Subnet or Hostname are
selected as the Local ID Type).