Choose Main Mode if both IPsec peers use static IP addresses. Choose
Aggressive Mode if one of the IPsec peers uses dynamic IP addresses.
For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox.
This defines the peer authentication pre-shared key used to authenticate this
VPN connection. The connection will be up only if the pre-shared keys on each
side match.
Remote
Certificate (pem
encoded)
Available only when X.509 Certificate is chosen as the Authentication method,
this field allows you to paste a valid X.509 certificate.
In Main Mode, this field can be left blank. In Aggressive Mode, if Remote
Gateway IP Address is filled on this end and the peer end, this field can be left
blank. Otherwise, this field is typically a U-FQDN.
In Main Mode, this field can be left blank. In Aggressive Mode, if Remote
Gateway IP Address is filled on this end and the peer end, this field can be left
blank. Otherwise, this field is typically a U-FQDN.
In Main Mode, this allows setting up to six encryption standards, in descending
order of priority, to be used in initial connection key negotiations. In Aggressive
Mode, only one selection is permitted.
This is the Diffie-Hellman group used within IKE. This allows two parties to
establish a shared secret over an insecure communications channel. The larger
the group number, the higher the security.
Group 2: 1024-bit is the default value.
Group 5: 1536-bit is the alternative option.
This setting specifies the lifetime limit of this Phase 1 Security Association. By
default, it is set at 3600 seconds.
In Main Mode, this allows setting up to six encryption standards, in descending
order of priority, to be used for the IP data that is being transferred. In
Aggressive Mode, only one selection is permitted.
Perfect forward secrecy (PFS) ensures that if a key was compromised, the
attacker will be able to access only the data protected by that key.
None - Do not request for PFS when initiating connection. However, since there
is no valid reason to refuse PFS, the system will allow the connection to use
PFS if requested by the remote peer. This is the default value.
Group 2: 1024-bit Diffie-Hellman group. The larger the group number, the higher
the security.
Group 5: 1536-bit is the third option.
To Next Page
Loading...
Need help?
General
