EasyManua.ls Logo

peplink ONE One - Page 91

peplink ONE One
249 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Encapsulation
Preshared
Key
ThisdefinesthepeerauthenticationpresharedkeyusedtoauthenticatethisVPN
connection.Theconnectionwillbeuponlyifthepresharedkeysoneachsidematch.
Remote
Certificate
(pem
encoded)
AvailableonlywhenX.509CertificateischosenastheAuthenticationmethod,thisfield
allowsyoutopasteavalidX.509certificate.
LocalID
InMainMode,thisfieldcanbeleftblank.InAggressiveMode,ifRemoteGatewayIP
Addressisfilledonthisendandthepeerend,thisfieldcanbeleftblank.Otherwise,this
fieldistypicallyaUFQDN.
RemoteID
InMainMode,thisfieldcanbeleftblank.InAggressiveMode,ifRemoteGatewayIP
Addressisfilledonthisendandthepeerend,thisfieldcanbeleftblank.Otherwise,this
fieldistypicallyaUFQDN.
Phase1(IKE)
Proposal
InMainMode,thisallowssettinguptosixencryptionstandards,indescendingorderof
priority,tobeusedininitialconnectionkeynegotiations.InAggressiveMode,onlyone
selectionispermitted.
Phase1DH
Group
ThisistheDiffieHellmangroupusedwithinIKE.Thisallowstwopartiestoestablisha
sharedsecretoveraninsecurecommunicationschannel.Thelargerthegroupnumber,
thehigherthesecurity.
Group2:1024bitisthedefaultvalue.
Group5:1536bitisthealternativeoption.
Phase1SA
Lifetime
ThissettingspecifiesthelifetimelimitofthisPhase1SecurityAssociation.Bydefault,itis
setat3600seconds.
Phase2(ESP)
Proposal
InMainMode,thisallowssettinguptosixencryptionstandards,indescendingorderof
priority,tobeusedfortheIPdatathatisbeingtransferred.InAggressiveMode,only
oneselectionispermitted.
Phase2PFS
Group
Perfectforwardsecrecy(PFS)ensuresthatifakeywascompromised,theattackerwill
beabletoaccessonlythedataprotectedbythatkey.
NoneDonotrequestforPFSwheninitiatingconnection.However,sincethereisno
validreasontorefusePFS,thesystemwillallowtheconnectiontousePFSifrequested
bytheremotepeer.Thisisthedefaultvalue.
Group2:1024bitDiffieHellmangroup.Thelargerthegroupnumber,thehigherthe
security.
Group5:1536bitisthethirdoption.
Phase2SA
Lifetime
ThissettingspecifiesthelifetimelimitofthisPhase2SecurityAssociation.Bydefault,itis
setat28800seconds.
IPsecStatusshowsthecurrentconnectionstatusofeachconnectionprofileandisdisplayedat
Status>IPsecVPN.
https://www.peplink.com
91
Copyright@2019Peplink

Table of Contents

Related product manuals