peplink balance ONE

To Next Page

To Previous Page

USER MANUAL

Peplink Balance Series

Gateway IP

Address /

Host Name

Local

Networks

Enter the local LAN subnets here. If you have defined static routes, they will be shown

here.

Remote

Networks

Enter the LAN and subnets that are located at the remote site here.

Authentication

To access your VPN, clients will need to authenticate by your choice of methods. Choose

between the Preshared Key and X.509 Certificate methods of authentication.

Mode

Choose Main Mode if both IPsec peers use static IP addresses. Choose Aggressive

Mode if one of the IPsec peers uses dynamic IP addresses.

Force UDP

Encapsulation

For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox.

Pre-shared

Key

This defines the peer authentication pre-shared key used to authenticate this VPN

connection. The connection will be up only if the pre-shared keys on each side match.

Remote

Certificate

(pem

encoded)

Available only when X.509 Certificate is chosen as the Authentication method, this field

allows you to paste a valid X.509 certificate.

Local ID

In Main Mode, this field can be left blank. In Aggressive Mode, if Remote Gateway IP

Address is filled on this end and the peer end, this field can be left blank. Otherwise, this

field is typically a U-FQDN.

Remote ID

In Main Mode, this field can be left blank. In Aggressive Mode, if Remote Gateway IP

Address is filled on this end and the peer end, this field can be left blank. Otherwise, this

field is typically a U-FQDN.

Phase 1 (IKE)

Proposal

In Main Mode, this allows setting up to six encryption standards, in descending order of

priority, to be used in initial connection key negotiations. In Aggressive Mode, only one

selection is permitted.

Phase 1 DH

Group

This is the Diffie-Hellman group used within IKE. This allows two parties to establish a

shared secret over an insecure communications channel. The larger the group number,

the higher the security.

Group 2: 1024-bit is the default value.

Group 5: 1536-bit is the alternative option.

Phase 1 SA

Lifetime

This setting specifies the lifetime limit of this Phase 1 Security Association. By default, it is

set at 3600 seconds.

Phase 2 (ESP)

Proposal

In Main Mode, this allows setting up to six encryption standards, in descending order of

priority, to be used for the IP data that is being transferred. In Aggressive Mode, only

one selection is permitted.

Phase 2 PFS

Perfect forward secrecy (PFS) ensures that if a key was compromised, the attacker will be

Main Page

peplink balance ONE - Page 122

Table of Contents

Related product manuals