
AirLive IP-2000VPN User Manual


IKE Phase 1 (IKE SA)

Local Identity

This setting must match the "Remote Identity" on the remote VPN. Select the desired option, and enter the required data in the "Local Identity Data" field.

• WAN IP Address - This is the most common method. If selected, no input is required.
• Fully Qualified Domain Name - Enter the Domain Name assigned to this device.
• Fully Qualified User name - This name does not have to be a valid Internet Domain Name. E-mail addresses are often used for this entry.
• DER ASN.1 DN - This must be a DER ASN.1 Domain Name.

Remote Identity

This setting must match the "Local Identity" on the remote VPN. Select the desired option, and enter the required data in the "Remote Identity Data" field.

• IP Address - This is the most common method. If selected, no input is required.
• Fully Qualified Domain Name - Enter the Domain Name assigned to this device.
• Fully Qualified User name - This name does not have to be a valid Internet Domain Name. E-mail addresses are often used for this entry.
• DER ASN.1 DN - This must be a DER ASN.1 Domain Name.

Authentication

• RSA Signature requires that both VPN endpoints have valid Certificates issued by a CA (Certification Authority).
• For Pre-shared key, enter the same key value in both endpoints. The key should be at least 8 characters (maximum is 128 characters). Note that this key is used for the IKE SA only. The keys used for the IPSec SA are automatically generated.

Authentication Algorithm

Select the desired option, and ensure that both endpoints have the same settings.

Encryption Algorithm

Select the desired method, and ensure the remote VPN endpoint uses the same method.

• The 3DES algorithm provides greater security than DES, but is slower.
• If using AES, you must select the Key Size. If using DES or 3DES, this field is ignored.

IKE Exchange Mode

Select the desired option, and ensure the remote VPN endpoint uses the same mode.

• Main Mode provides identity protection for the hosts initiating the IPSec session, but takes slightly longer to complete.
• Aggressive Mode provides no identity protection, but is quicker.
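
An added example, not part of the AirLive manual or firmware: a Python sketch that checks the matching rules from the settings above for two endpoints before the values are entered. The `Phase1` fields, the `check_pair` function and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass
class Phase1:
    """One endpoint's IKE Phase 1 settings (field names are illustrative)."""
    local_id: tuple    # (type, data); ("IP", "") when no input is required
    remote_id: tuple
    auth: str          # "psk" or "rsa"
    psk: str
    auth_alg: str
    enc_alg: str       # "DES", "3DES" or "AES"
    aes_key_size: int  # only meaningful when enc_alg is "AES"
    mode: str          # "main" or "aggressive"

def check_pair(a, b):
    """Return findings for endpoints a and b; an empty list means they agree."""
    out = []
    if a.local_id != b.remote_id:
        out.append("A Local Identity does not match B Remote Identity")
    if b.local_id != a.remote_id:
        out.append("B Local Identity does not match A Remote Identity")
    for name in ("auth", "auth_alg", "enc_alg", "mode"):
        if getattr(a, name) != getattr(b, name):
            out.append(f"{name} differs between endpoints")
    if a.auth == b.auth == "psk":
        if a.psk != b.psk:
            out.append("pre-shared key differs between endpoints")
        for label, ep in (("A", a), ("B", b)):
            if not 8 <= len(ep.psk) <= 128:
                out.append(f"{label} pre-shared key length is outside 8-128")
    # Key size is ignored for DES and 3DES, so compare it only for AES.
    if a.enc_alg == b.enc_alg == "AES" and a.aes_key_size != b.aes_key_size:
        out.append("AES key size differs between endpoints")
    if "DES" in (a.enc_alg, b.enc_alg):
        out.append("DES selected; 3DES provides greater security")
    if "aggressive" in (a.mode, b.mode):
        out.append("Aggressive Mode provides no identity protection")
    return out

# Constructed sample values, not taken from any real device.
SITE_A = Phase1(("FQDN", "a.example"), ("FQDN", "b.example"), "psk",
                "constructed-sample-key", "SHA1", "AES", 128, "main")
SITE_B = replace(SITE_A, local_id=SITE_A.remote_id, remote_id=SITE_A.local_id)
SITE_B_BAD = replace(SITE_B, remote_id=("FQDN", "siteA.example"), psk="short",
                     aes_key_size=256, mode="aggressive")

if __name__ == "__main__":
    for finding in check_pair(SITE_A, SITE_B_BAD):
        print(finding)
```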