6: Basic Parameters
SLC™ Console Manager User Guide 67
3. To save, click Apply button.
4. To see a details of the VPN tunnel connection, including the cryptographic algorithms used,
select the View Detailed Status link.
5. To see the last 100 lines of the logs associated with the VPN tunnel, select the View VPN
Logs link.
6. To see the RSA public key for the SLC console manager (required for configuring the remote
host if RSA Public Keys are being used), select the View SLC RSA Public Key link.
DH Group (Ike) The Diffie-Hellman Group, 2 or 5, used for the key exchange for data sent
through the tunnel. Any can be selected if the two sides can negotiate
which Diffie-Hellman Group to use.
Authentication The type of authentication used by the host on each side of the VPN tunnel
to verify the identity of the other host. For RSA Public Key, each host
generates a RSA public-private key pair, and shares its public key with the
remote host. The RSA Public Key for the SLC unit (which has 2192 bits) can
be viewed at either the web or CLI. For Pre-Shared Key, each host enters
the same passphrase to be used for authentication.
RSA Public Key for
Remote Host
If RSA Public Key is selected for authentication, enter the public key for the
remote host.
Pre-Shared Key If Pre-Shared Key is selected for authentication, enter the key.
Retype Pre-Shared Key If Pre-Shared Key is selected for authentication, re-enter the key.
Perfect Forward Secrecy When a new IPSec SA is negotiated after the IPSec SA lifetime expires, a
new Diffie-Hellman key exchange can be performed to generate a new
session key to be used to encrypt the data being sent through the tunnel. If
this is enabled, it provides greater security, since the old session keys are
destroyed.
Mode Configuration Client If this is enabled, the SLC console manager can receive network
configuration from the remote host. This allows the remote host to assign an
IP address/netmask to the SLC side of the VPN tunnel.
XAUTH Client If this is enabled, the SLC unit will send authentication credentials to the
remote host if they are requested. XAUTH, or Extended Authentication, can
be used as an additional security measure on top of the Pre-Shared Key or
RSA Public Key.
XAUTH Login (Client) If XAUTH Client is enabled, this is the login used for authentication.
XAUTH Password If XAUTH Client is enabled, this is the password used for authentication.
Retype Password If XAUTH Client is enabled, this is the password used for authentication.