DEFINING TUNNELS
56 MultiConnect
®
rCell 100 MTR-LTE User Guide
Field Description
Remote Network Mask This field is used in conjunction with the Remote Network Route field,
to describe the remote endpoint's subnet. It identifies packets that are
routed over the tunnel to the remote network.
Tunnel Type Internet Key Exchange (IKE) for host-to-host, host-to-subnet, or subnet-
to-subnet tunnels. Choose from IKE or IKEv2.
IPsec Tunnel: IKE
Authentication Method Authentication is performed using secret pre-shared keys and hashing
algorithms (SHA1 MD5). This field cannot be modified.
Pre-Shared Key Secret key that is known by both endpoints.
Encryption Method IKE encryption algorithm used for the connection (phase 1 - ISAKMP SA).
Based off of phase 1, a secure set of defaults are used for phase 2,
unless the Advanced option is used, in which case, all components of
both phases 1 and 2 are specified by the user.
IPSec Tunnel: Advanced
IKE Lifetime Duration for which the ISAKMP SA exists from successful negotiation to
expiration.
Key Life Duration for which the IPsec SA exists from successful negotiation to
expiration.
Max Retries Number of retry attempts for establishing the IPsec tunnel. Enter zero
for unlimited retries.
Enable UID Enable Unique Identifier String (UID) to enable the Local ID and Remote
ID fields.
Local ID String identifier for the local security gateway.
Remote ID String identifier for the remote security gateway.
Compression Enable IPComp. This protocol increases the overall communication
performance by compressing the datagrams. Compression requires
greater CPU processing.
Perfect Forward Secrecy Newly generated keys are unrelated to older keys.
NAT Traversal A technique that establishes and maintains the tunnel while traversing
network address translation gateways. This may be necessary if this
device or the remote endpoint is behind a NAT firewall.
Aggressive Mode Whether to allow a less secure mode that exchanges identification in
plain text. This may be used for establishing tunnels where one or more
endpoints have a dynamic public IP address. Although this mode is
faster to negotiate phase 1, the authentication hash is transmitted
unencrypted. You can capture the hash and start a dictionary or use
brute force attacks to recover the PSK.
To Next Page
Loading...
