CONFIGURATION
32
Authenticate Mode
Authentication is possible to set by parameter Authenticate mode,
at choice are following possibilities:
• Pre-shared key - shared key for both off-side tunnel.
• X.509 Certificate -
Pre-shared Key sharable key for both parties tunnel
CA Certificate This certificate is necessary to insert Authentication mode x.509.
Remote Certificate This certificate is necessary to insert Authentication mode x.509.
Local Certificate This certificate is necessary to insert Authentication mode x.509.
Local Private Key This private key is necessary to insert Authentication mode x.509.
Local Passphrase This Local Passphrase is necessary to insert Authentication mode
x.509.
Extra Options By the help of this parameter it is possible to define additional
parameters of the IPsec tunnel, for example secure parameters etc.
Table 30: IPsec tunnel configuration
The certificates and private keys have to be in PEM format. As certificate it is possible
to use only certificate which has start and stop tag certificate.
Random time, after which it will re-exchange of new keys are defined:
Lifetime - (Rekey margin + random value in range (from 0 to Rekey margin * Rekey Fuzz/100))
By default, the repeated exchange of keys held in the time range:
• Minimal time: 1h - (9m + 9m) = 42m
• Maximal time: 1h - (9m + 0m) = 51m
When setting the times for key exchange is recommended to leave the default setting
in which tunnel has guaranteed security. When set higher time, tunnel has smaller operating
costs and smaller the safety. Conversely, reducing the time, tunnel has higher operating
costs and higher safety of the tunnel.
To Next Page
Loading...
