USER MANUAL
Peplink Balance Series
Remote
Networks
Enter the LAN and subnets that are located at the remote site here.
Main Mode
Choose this Main Mode if both IPsec peers use static IP addresses.
Aggressive
Choose this Aggressive Mode if one of the IPsec peers use dynamic IP addresses.
Force UDP
For UDP encapsulation to be forced regardless of the NAT-Traversal, tick this checkbox.
Pre-shared Key
This defines the peer authentication pre-shared key to be used to authenticate this VPN
connection. The connection will be up only if the pre-shared keys on each side match.
Local ID
Under Main Mode, this field can be left blank.
Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the
peer end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
Remote ID
Under Main Mode, this field can be left blank.
Under Aggressive Mode, if Remote Gateway IP Address field is filled on this end and the
peer end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
Phase 1 (IKE)
Proposal
Under Main Mode, this allows the setting of up to 6 encryption standards, in descending
order of priority, to be used in the initial connection key negotiations.
For Aggressive Mode, only one selection is permitted.
Phase 1 DH
Group
This is the Diffie-Hellman group used within IKE. This allows two parties to establish a
shared secret over an insecure communications channel. The larger the group number, the
higher the security.
Group 2 - 1024-bit is the default value.
Group 5 - 1536-bit is the alternative option.
Phase 1 SA
This setting specifies the lifetime limit of this Phase 1 Security Association. By default, it is
set at 3600 seconds.
Phase 2 (ESP)
Proposal
Under Main Mode, this allows the setting of up to 6 encryption standards, in descending
order of priority, to be used for the IP data that is being transferred.
For Aggressive Mode, only one selection is permitted.
Phase 2 PFS
Group
The Perfect Forward Secrecy (PFS) ensures that if a key was compromised, the attacker
will be able to access only the data protected by that key but not any other data.
None - Do not request for PFS when initiating connection. However, since there is no valid
reason to refuse PFS, the system will allow the connection to use PFS if requested by the
remote peer. This is the default value.
Group 2 - 1024-bit Diffie-Hellman group. The larger the group number, the higher the
security.
Group 5 - 1536-bit is the third option.
Phase 2 SA
Lifetime
This setting specifies the lifetime limit of this Phase 2 Security Association. By default, it is
set at 28800 seconds.
http://www.peplink.com -83 / 207 - Copyright © 2013 Peplink
To Next Page
Loading...
