beautypg.com

Robustel R3000 Lite User Guide User Manual

Page 57

background image

Robustel GoRugged R3000 Lite User Guide


RT_UG_R3000 Lite_v.1.0.0 23.12.2013 56 / 113
Confidential

Address

IPSec Mode

Select from “Tunnel” and “Transport”.
Tunnel: Commonly used between gateways, or at an end-station to a
gateway, the gateway acting as a proxy for the hosts behind it.
Transport: Used between end-stations or between an end-station and a
gateway, if the gateway is being treated as a host—for example, an
encrypted Telnet session from a workstation to a router, in which the
router is the actual destination.

Tunnel

IPSec Protocol

Select the security protocols from “ESP” and “AH”.
ESP: Uses the ESP protocol.
AH: Uses the AH protocol.

ESP

Local Subnet

Enter IPSec Local Protected subnet’s address.

0.0.0.0

Local Subnet Mask

Enter IPSec Local Protected subnet’s mask.

0.0.0.0

Local ID Type

Select from “IP Address”, “FQDN” and “User FQDN” for IKE negotiation.
“Default” stands for “IP Address”.
IP Address: Uses an IP address as the ID in IKE negotiation.
FQDN: Uses an FQDN type as the ID in IKE negotiation. If this option is
selected, type a name without any at sign (@) for the local security
gateway, e.g., test.robustel.com.
User FQDN: Uses a user FQDN type as the ID in IKE negotiation. If this
option is selected, type a name string with an sign “@” for the local
security gateway, e.g., [email protected].

Default

Remote Subnet

Enter IPSec Remote Protected subnet’s address.

0.0.0.0

Remote Subnet Mask

Enter IPSec Remote Protected subnet’s mask.

0.0.0.0

Remote ID Type

Select from “IP Address”, “FQDN” and “User FQDN” for IKE negotiation.
IP Address: Uses an IP address as the ID in IKE negotiation.
FQDN: Uses an FQDN type as the ID in IKE negotiation. If this option is
selected, type a name without any at sign (@) for the local security
gateway, e.g., test.robustel.com.
User FQDN: Uses a user FQDN type as the ID in IKE negotiation. If this
option is selected, type a name string with a sign “@” for the local
security gateway, e.g., [email protected].

Default

Negotiation Mode

Select from “Main” and “aggressive” for the IKE negotiation mode in
phase 1. If the IP address of one end of an IPSec tunnel is obtained
dynamically, the IKE negotiation mode must be aggressive. In this case,
SAs can be established as long as the username and password are
correct.

Main

Encryption Algorithm

Select from “DES”, “3DES”, “AES128”, “AES192” and “AES256”to be
used in IKE negotiation.
DES: Uses the DES algorithm in CBC mode and 56-bit key.
3DES: Uses the 3DES algorithm in CBC mode and 168-bit key.
AES128: Uses the AES algorithm in CBC mode and 128-bit key.
AES192: Uses the AES algorithm in CBC mode and 192-bit key.

3DES