NetModule NB3700 - Page 88

NetModule NB3700
194 pages
NB3700 User Manual 3.8
Parameter: IPsec General Settings
Remote peer: IP address or host name of the remote IPsec peer. You may specify 0.0.0.0 to act as a responder for roadwarrior clients.
DPD Status: Specifies whether Dead Peer Detection (see RFC 3706) shall be used. DPD will detect any broken IPsec connections, in particular the ISAKMP tunnel, and refresh the corresponding SAs (Security Associations) and SPIs (Security Payload Identifier) for a faster re-establishment of the tunnel.
Detection cycle: The delay (in seconds) between DPD keepalives that are sent for this connection (default 30 seconds)
Failure threshold: The number of unanswered DPD requests until the IPsec peer is considered dead (the router will then try to re-establish a dead connection automatically)
IKE Authentication
NetModule routers support IKE authentication through pre-shared keys (PSK) or certificates
within a public key infrastructure. Extended Authentication (XAUTH) leverages
RADIUS-like authentication and can be used to apply user level access control over
IPsec.
Using PSK requires the following settings:
Parameter: IPsec IKE Authentication Settings
PSK: The pre-shared key used to authenticate at the peer
Local ID Type: The type of identification for the local ID which can be a FQDN, username@FQDN or IP address
Local ID: The local ID value
Remote ID Type: The type of identification for the remote ID
Remote ID: The remote ID value
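The following check is an added example, not part of the NetModule manual or firmware: it lints one tunnel's general and PSK settings from the two tables above for mismatched ID types, a short key, responder mode with a shared key, and disabled DPD. The dictionary field names and the minimum key length are assumptions chosen for illustration.

```python
import ipaddress
import re

# Field names are hypothetical; they mirror the manual's tables, not a NetModule export.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
MIN_PSK_LEN = 20  # assumed local policy, not a value from the manual

def id_matches_type(id_type, value):
    """True if an IKE ID value has the form its declared ID type promises."""
    if id_type == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if id_type == "fqdn":
        return bool(FQDN_RE.match(value))
    if id_type == "user_fqdn":
        user, sep, host = value.partition("@")
        return bool(user and sep and FQDN_RE.match(host))
    return False  # unknown ID type

def audit_tunnel(t):
    """Return findings for one tunnel's general and PSK settings."""
    findings = []
    for side in ("local", "remote"):
        if not id_matches_type(t[side + "_id_type"], t[side + "_id"]):
            findings.append(side + " ID does not match its ID type")
    if len(t["psk"]) < MIN_PSK_LEN:
        findings.append("PSK shorter than %d characters" % MIN_PSK_LEN)
    if t["remote_peer"] == "0.0.0.0":
        # Responder for roadwarriors: one PSK field serves every client that connects.
        findings.append("responder mode: PSK is shared by all roadwarrior clients")
    if not t["dpd_enabled"]:
        findings.append("DPD disabled: broken tunnels are not detected")
    return findings

def dpd_detection_seconds(t):
    """Approximate time until the peer is considered dead: cycle x threshold."""
    return t["dpd_cycle"] * t["dpd_threshold"]

# Constructed sample: a roadwarrior responder with a short key and a mistyped remote ID.
SAMPLE = {
    "remote_peer": "0.0.0.0", "dpd_enabled": True,
    "dpd_cycle": 30, "dpd_threshold": 3,  # 30 s is the manual's default; 3 is constructed
    "psk": "changeme-psk",
    "local_id_type": "fqdn", "local_id": "router1.example.com",
    "remote_id_type": "ip", "remote_id": "client@example.com",
}

if __name__ == "__main__":
    print(audit_tunnel(SAMPLE), dpd_detection_seconds(SAMPLE))
```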
When using certificates, you need to specify the operation mode. When run as PKI
client (initiator), you can create a Certificate Signing Request (CSR) in the certificates
section, which needs to be submitted to your Certificate Authority and imported to
the router afterwards. In PKI server mode (concentrator), the router acts as the
Certificate Authority and issues the certificates for remote peers. These certificates can be revoked.
Using XAUTH, the following settings can be made: