OnCell G3100 Series Understanding and Configuring a VPN
ISAKMP (Key Management)
Pre-shared key (PSK): Enter the secret that this endpoint and the remote endpoint share for ISAKMP authentication. Both ends must be configured with the same value. Because IKE proves possession of the PSK with a keyed hash, choose a long, random secret rather than a dictionary word.
Perfect forward secrecy (PFS) (default = Disable): Enable or disable Perfect Forward Secrecy. PFS is not a separate protocol: when it is enabled, every phase 2 negotiation performs a fresh Diffie-Hellman exchange (using the phase 2 DH group) so that the IPsec keys are not derived from the phase 1 keying material alone. A compromise of the phase 1 keys, or of one IPsec SA, then does not expose the other IPsec SAs. Both endpoints must agree on this setting.
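The following is an added example, not code from the OnCell manual or from Moxa, showing what PFS changes in the phase 2 key derivation. It follows the Quick Mode KEYMAT formula of RFC 2409 section 5.5 with HMAC-SHA1 as the prf; the SKEYID_d value, the nonces, the SPI and the 127-bit "toy" DH group are all constructed for the demonstration and stand in for the real negotiated group:

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Toy DH group for this demonstration only (2**127 - 1 is prime). A real
# tunnel uses the MODP/ECP group selected under "ISAKMP phase 2".
TOY_P = 2**127 - 1
TOY_G = 2


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf = HMAC with the negotiated hash; SHA-1 assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d: bytes, protocol: int, spi: bytes, ni: bytes, nr: bytes,
           g_qm_xy: bytes = b"") -> bytes:
    """First block of Quick Mode KEYMAT, RFC 2409 section 5.5:
      without PFS: prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
      with PFS:    prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)"""
    return prf(skeyid_d, g_qm_xy + bytes([protocol]) + spi + ni + nr)


def quick_mode(skeyid_d: bytes, pfs: bool) -> tuple:
    """Simulate one Quick Mode negotiation. Returns the IPsec key the two
    peers agree on and the fields an eavesdropper can read off the wire."""
    wire = {"protocol": 3,                       # 3 = ESP
            "spi": secrets.token_bytes(4),
            "ni": secrets.token_bytes(16),
            "nr": secrets.token_bytes(16)}
    if not pfs:
        key = keymat(skeyid_d, wire["protocol"], wire["spi"], wire["ni"], wire["nr"])
        return key, wire
    x = secrets.randbelow(TOY_P - 2) + 1         # initiator's private exponent
    y = secrets.randbelow(TOY_P - 2) + 1         # responder's private exponent
    wire["gx"] = pow(TOY_G, x, TOY_P)            # only the public values are sent
    wire["gy"] = pow(TOY_G, y, TOY_P)
    shared = pow(wire["gy"], x, TOY_P)           # initiator's computation
    assert shared == pow(wire["gx"], y, TOY_P)   # responder reaches the same value
    g_qm_xy = shared.to_bytes(16, "big")
    key = keymat(skeyid_d, wire["protocol"], wire["spi"], wire["ni"], wire["nr"], g_qm_xy)
    return key, wire


def eavesdropper_keymat(skeyid_d: bytes, wire: dict) -> Optional[bytes]:
    """What someone holding a leaked SKEYID_d can derive from the capture.
    Without PFS every other input is public, so the IPsec key falls out
    directly. With PFS the capture holds only g^x and g^y; obtaining g^xy
    means solving the discrete log, so nothing is derivable."""
    if "gx" in wire:
        return None
    return keymat(skeyid_d, wire["protocol"], wire["spi"], wire["ni"], wire["nr"])
```

The leaked SKEYID_d models any compromise of the long-lived phase 1 state (a memory dump of the gateway, a recovered PSK combined with an active attack, a phase 1 SA that lived for the full 86400 seconds). With PFS disabled that single secret unlocks every IPsec SA negotiated under it.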
Local Identity
Identity option: Select how the local endpoint identifies itself during IKE phase 1: by IP address, by FQDN, or by User FQDN (an e-mail-style name). The remote endpoint must be configured to expect the same identity type and value.
IP/FQDN/User_FQDN: Enter the identity (IP address, FQDN, or User FQDN) that authenticates the local VPN endpoint to its peer. The value is only a label; it does not have to resolve in DNS, but it must match exactly what the remote endpoint has configured for this peer.
ISAKMP phase 1
Operation mode: Select main mode or aggressive mode for the IKE phase 1 negotiation with the remote endpoint. Main mode uses six messages and exchanges the identities only after the Diffie-Hellman secret is established, so they travel encrypted. Aggressive mode needs only three messages and is often required when this endpoint has a dynamic IP address and identifies by FQDN or User FQDN, but it sends the identities and the PSK-keyed authentication hash unencrypted, which lets an eavesdropper run an offline dictionary attack against the pre-shared key. Prefer main mode when both endpoints have static addresses, and use a strong PSK if aggressive mode cannot be avoided.
NAT-T (default = Disable): NAT Traversal. When enabled, the endpoints detect a NAT device on the path during phase 1 and encapsulate the ESP traffic in UDP (port 4500) so that the translated packets still reach the peer intact. The remote VPN endpoint must also support NAT-T and have it enabled for the tunnel to work through NAT.
Encryption mode: Select the encryption algorithm that protects the ISAKMP phase 1 messages. It must match the remote endpoint.
Authentication mode: Select the hash algorithm used for integrity and authentication of the phase 1 messages. It must match the remote endpoint.
Diffie-Hellman group: Select the DH group for the phase 1 key exchange. The group fixes the size of the modulus (or curve) used; a group with a larger modulus, for example DH group 14 (2048-bit) rather than group 2 (1024-bit), gives a stronger shared secret at a higher CPU cost. This setting governs the phase 1 exchange itself, not PFS, and must match the remote endpoint.
SA life time (default = 86400): Enter the lifetime in seconds of the phase 1 (ISAKMP/IKE) security association. When it expires the endpoints renegotiate phase 1, including a new Diffie-Hellman exchange, with the remote endpoint.
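The following is an added example, not code from the OnCell manual or from Moxa, showing why the operation mode matters when pre-shared keys are used. In aggressive mode the responder's HASH_R is sent in the clear, and RFC 2409 sections 5.1 and 5.4 define it entirely from values visible on the wire plus the PSK, so a captured exchange can be attacked offline. The "capture" below is constructed: the DH public values, cookies and SA payload body are random stand-ins, HMAC-SHA1 is assumed as the prf, and the responder ID is a made-up FQDN:

```python
import hmac
import hashlib
import secrets
from typing import Iterable, Optional


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv1 prf = HMAC with the negotiated hash; SHA-1 assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()


def hash_r(psk: bytes, ni: bytes, nr: bytes, gxi: bytes, gxr: bytes,
           cky_i: bytes, cky_r: bytes, sai_b: bytes, idir_b: bytes) -> bytes:
    """RFC 2409 sections 5.4 and 5.1, pre-shared key authentication:
      SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
      HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)"""
    skeyid = prf(psk, ni + nr)
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sai_b + idir_b)


def capture_aggressive_exchange(psk: bytes) -> dict:
    """Construct what a sniffer sees in the first two aggressive-mode
    messages. None of these fields is encrypted at that point."""
    cap = {
        "ni": secrets.token_bytes(16),       # initiator nonce
        "nr": secrets.token_bytes(16),       # responder nonce
        "gxi": secrets.token_bytes(128),     # stand-in for a 1024-bit DH public value
        "gxr": secrets.token_bytes(128),
        "cky_i": secrets.token_bytes(8),     # ISAKMP cookies from the header
        "cky_r": secrets.token_bytes(8),
        "sai_b": secrets.token_bytes(48),    # body of the initiator's SA payload (opaque here)
        # ID payload body: ID_FQDN (2), protocol UDP (17), port 500, name
        "idir_b": bytes([2, 17]) + (500).to_bytes(2, "big") + b"oncell.example",
    }
    cap["hash_r"] = hash_r(psk, cap["ni"], cap["nr"], cap["gxi"], cap["gxr"],
                           cap["cky_i"], cap["cky_r"], cap["sai_b"], cap["idir_b"])
    return cap


def crack_psk(cap: dict, wordlist: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack: recompute HASH_R for every candidate PSK and
    compare with the captured value. No further traffic to the gateway is
    needed, so rate limiting on the device does not help."""
    public = {k: cap[k] for k in ("ni", "nr", "gxi", "gxr",
                                  "cky_i", "cky_r", "sai_b", "idir_b")}
    for candidate in wordlist:
        if hmac.compare_digest(hash_r(candidate, **public), cap["hash_r"]):
            return candidate
    return None


# Constructed wordlist for the demonstration.
WORDLIST = [b"password", b"moxa", b"vpn123", b"Welcome1", b"oncell"]
```

The same computation is what tools such as ike-scan's psk-crack perform on real captures. In main mode HASH_R is sent inside the encrypted fifth and sixth messages, so the attacker first has to break the Diffie-Hellman exchange; that is the practical difference behind the recommendation to prefer main mode with PSK authentication.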
ISAKMP phase 2
Encryption mode: Select the encryption algorithm for the IPsec SAs negotiated in phase 2 (the SAs that carry the tunnel traffic). It must match the remote endpoint.
Authentication mode: Select the hash algorithm used for the integrity check of the tunnel traffic. It must match the remote endpoint.
Diffie-Hellman group: Select the DH group for the fresh key exchange performed in phase 2. It is used only when PFS is enabled; as in phase 1, a group with a larger modulus gives a stronger shared secret at a higher CPU cost, and both endpoints must select the same group.
SA life time (default = 28800): Enter the lifetime in seconds of each IPsec security association. When it expires a new IPsec SA is negotiated with the remote endpoint under the existing phase 1 SA. The phase 2 lifetime is normally shorter than the phase 1 lifetime, as the defaults here are.
Advanced settings
Anti-replay (default = Disable): When enabled, the receiver checks the sequence number carried in every ESP packet against a sliding window (RFC 4303 section 3.4.3) and discards duplicates and packets that fall behind the window. An attacker who captures a valid packet therefore cannot resend it to the recipient later, and the original sender is not involved in detecting the replay. Sequence numbers are always transmitted; this setting only controls whether the receiver enforces them.
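The following is an added example, not code from the OnCell manual or from Moxa, implementing the receiver-side check that the anti-replay setting turns on. It is the sliding-window algorithm of RFC 4303 section 3.4.3 over 32-bit sequence numbers; the 64-packet window size is an assumption (the RFC minimum is 32 and 64 is the usual default, the manual does not state what this device uses), extended sequence numbers are not modelled, and the arrival order at the end is constructed:

```python
class AntiReplayWindow:
    """Receiver-side ESP sequence-number check, RFC 4303 section 3.4.3.
    `top` is the highest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number (top - i) has already been received."""

    def __init__(self, size: int = 64):
        if size < 32:                       # RFC 4303 minimum window
            raise ValueError("window must be at least 32 packets")
        self.size = size
        self.top = 0
        self.bitmap = 0

    def accept(self, seq: int) -> bool:
        """Return True and record the packet if it is new and inside the
        window; False if it is a replay, too old, or the reserved value 0."""
        if seq <= 0:
            return False                    # the first packet on an SA has seq 1
        if seq > self.top:
            shift = seq - self.top          # slide the window forward
            if shift >= self.size:
                self.bitmap = 1             # jumped past the whole window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        age = self.top - seq
        if age >= self.size:
            return False                    # behind the window: drop, cannot tell from a replay
        if (self.bitmap >> age) & 1:
            return False                    # already received: replay
        self.bitmap |= 1 << age             # late but new: accept and mark
        return True


def filter_sequence(seqs, size: int = 64):
    """Run one window over an arrival order and return the per-packet verdicts."""
    window = AntiReplayWindow(size)
    return [window.accept(s) for s in seqs]


# Constructed arrival order: mild reordering (3 before 2) is tolerated,
# duplicates of 2 and 3 are dropped, a jump to 70 slides the window so
# that 5 and 6 are now too old, while 7 is still inside the window.
SAMPLE_ARRIVALS = [1, 3, 2, 2, 3, 70, 5, 7, 6]
```

With anti-replay disabled the `accept` step is simply skipped and every packet with a valid ICV is delivered, so a recorded valve-open or relay command can be injected again by anyone who can put packets on the path. The window also explains the interaction with NAT and lossy links: reordering deeper than the window size looks like a replay and is dropped, which is why some deployments leave the check off; the better fix is a larger window, not disabling the check.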
Dead Peer Detection (DPD) (default = Disable): Enable or disable Dead Peer Detection (RFC 3706), which detects an IKE peer that has gone away without deleting its SAs. When no traffic has been received from the peer for 60 seconds, the device sends a DPD request to the peer and expects an acknowledgement. If 5 consecutive requests go unanswered, the peer is declared dead, the tunnel is torn down, and the device keeps trying to re-establish the connection until the peer answers again. Without DPD a tunnel whose peer has rebooted or lost connectivity can stay up, silently dropping traffic, until the SA lifetime expires.