Motorola 2200 User Manual
Page 202
Administrator’s Handbook
Remote ID Mask
If Aggressive mode is selected as the Negotiation Method, and Subnet as the Remote ID
Type, this field appears. This is the remote (central-office-side) subnet mask.
Pre-Shared Key Type
The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour supports ASCII or
HEX types.
Pre-Shared Key
The Pre-Shared Key is a parameter used for authenticating each side. The value can be
ASCII or Hex and a maximum of 64 characters. ASCII is case-sensitive.
DH Group
Diffie-Hellman is a public key algorithm used between two systems to determine and
deliver secret keys used for encryption. Groups 1, 2 and 5 are supported.
PFS Enable
Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS is selected, a
Diffie-Hellman key exchange is required. If enabled, the PFS DH group follows the IKE
phase 1 DH group.
SA Encrypt Type
SA Encryption Type refers to the symmetric encryption type. This encryption algorithm
will be used to encrypt each data packet. SA Encryption Type values supported include
DES and 3DES.
SA Hash Type
SA Hash Type refers to the Authentication Hash algorithm used during SA negotiation.
Values supported include MD5 and SHA1. N/A will display if NONE is chosen for Auth
Protocol.
Invalid SPI Recovery
Enabling this allows the Gateway to re-establish the tunnel if either the Motorola
Netopia® Gateway or the peer gateway is rebooted.
Soft MBytes
Setting the Soft MBytes parameter forces the renegotiation of the IPSec Security
Associations (SAs) at the configured Soft MByte value. The value can be configured between 1
and 1,000,000 MB and refers to data traffic passed. If this value is not achieved, the
Hard MBytes parameter is enforced. This parameter does not need to match the peer
gateway.
Soft Seconds
Setting the Soft Seconds parameter forces the renegotiation of the IPSec Security
Associations (SAs) at the configured Soft Seconds value. The value can be configured
between 60 and 1,000,000 seconds. This parameter does not need to match the peer
gateway.
Hard MBytes
Setting the Hard MBytes parameter forces the renegotiation of the IPSec Security
Associations (SAs) at the configured Hard MByte value.
The value can be configured between 1 and 1,000,000 MB and refers to data traffic
passed. This parameter does not need to match the peer gateway.
Hard Seconds
Setting the Hard Seconds parameter forces the renegotiation of the IPSec Security
Associations (SAs) at the configured Hard Seconds value. The value can be configured
between 60 and 1,000,000 seconds. This parameter does not need to match the peer
gateway.
IPSec MTU
Some ISPs require a setting of e.g. 1492 (or other value). The default 1500 is the most
common and you usually don’t need to change this unless otherwise instructed.
Accepted values are from 100 – 1500.
This is the starting value that is used for the MTU when the IPSec tunnel is installed. It
specifies the maximum IP packet length for the encapsulated AH or ESP packets sent by
the router. The MTU used on the IPSec connection will be automatically adjusted based
on the MTU value in any received ICMP can't fragment error messages that correspond
to IPSec traffic initiated from the router. Normally the MTU only requires manual
configuration if the ICMP error messages are blocked or otherwise not received by the router.
Table 3: IPSec Tunnel Details page parameters
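
An added example, not part of the manual or of the Gateway's software: a pre-deployment check of a planned tunnel configuration against the ranges and option lists in Table 3. The dictionary keys, the function name and the sample values are hypothetical; the weakest-to-strongest ordering of the options and the soft-below-hard lifetime check are assumptions that the manual does not state.

```python
import string

# Option sets and ranges as listed in Table 3. Ordering weakest to strongest
# is general cryptographic knowledge, not something the manual states.
DH_GROUPS, ENCRYPT, HASHES = [1, 2, 5], ["DES", "3DES"], ["MD5", "SHA1"]

def audit_tunnel(cfg):
    """Return (errors, warnings); the dict keys are hypothetical field names."""
    errors, warnings = [], []
    def in_range(key, lo, hi):
        ok = lo <= cfg[key] <= hi
        if not ok:
            errors.append(f"{key}={cfg[key]} outside {lo}-{hi}")
        return ok

    # Pre-Shared Key: ASCII or HEX, at most 64 characters.
    psk = cfg["psk"]
    if not 1 <= len(psk) <= 64:
        errors.append("psk must be 1-64 characters")
    if cfg["psk_type"] == "HEX" and not all(c in string.hexdigits for c in psk):
        errors.append("psk type is HEX but value has non-hex characters")

    # Option lists: reject unsupported values, warn on the weaker choices.
    for key, allowed in (("dh_group", DH_GROUPS), ("sa_encrypt", ENCRYPT), ("sa_hash", HASHES)):
        if cfg[key] not in allowed:
            errors.append(f"{key}={cfg[key]} not supported")
        elif cfg[key] != allowed[-1]:
            warnings.append(f"{key}={cfg[key]}: {allowed[-1]} is the strongest supported option")
    if not cfg["pfs"]:
        warnings.append("pfs disabled: SA renegotiation runs without a new DH exchange")

    # Lifetimes: each in range, and soft below hard so the soft limit
    # triggers renegotiation first (assumed intent of having both limits).
    for unit, lo in (("mbytes", 1), ("seconds", 60)):
        s_ok = in_range(f"soft_{unit}", lo, 1_000_000)
        h_ok = in_range(f"hard_{unit}", lo, 1_000_000)
        if s_ok and h_ok and cfg[f"soft_{unit}"] >= cfg[f"hard_{unit}"]:
            warnings.append(f"soft_{unit} is not below hard_{unit}")

    in_range("ipsec_mtu", 100, 1500)
    return errors, warnings

# Constructed sample configuration (not taken from the manual).
SAMPLE = {"psk": "0123abcdXYZ", "psk_type": "HEX", "dh_group": 1, "sa_encrypt": "DES",
          "sa_hash": "SHA1", "pfs": True, "soft_mbytes": 900, "hard_mbytes": 1000,
          "soft_seconds": 82800, "hard_seconds": 3600, "ipsec_mtu": 1492}

if __name__ == "__main__":
    print(audit_tunnel(SAMPLE))
```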