User Interface
R&S
®
GP-E/GP-S
110User Manual v16.2.1 ─ 01
To avoid generating a rekeying loop, the margin time should be much lower than the
key lifetime (recommendation: < 0.5 x key lifetime).
The Diffie-Hellman group is left empty by default in the "Encapsulating Security Pay-
load (ESP)" options, disabling Perfect Forward Secrecy (PFS). Therefore, the initial
keying material resulting from Phase 1 of the IKE negotiation is used to generate ses-
sion keys for Phase 2. Select a Diffie-Hellman group to enable PFS. This generates a
new session key with each rekeying process, which increases the security level of the
IPsec connection.
The buttons at the bottom right of the editor panel depend on whether you add a new
IPsec profile or edit an existing profile. For a newly configured profile, click "Create" to
add the profile to the list of available IPsec profiles or "Cancel" to discard your
changes. To edit an existing profile, click "Save" to store the reconfigured profile or
"Reset" to discard your changes. You can click "Close" to shut the editor panel as long
as no changes have been made on it.
Click " Activate" in the toolbar of the desktop to apply your configuration changes if
the edited IPsec profile is already associated with an IPsec connection.
IPsec profiles can be selected when creating VPN connections as described under
"IPsec Client-to-Site Settings" on page 110, "IPsec Site-to-Site Settings" on page 114
and Chapter 4.12, "VPN Setup Examples", on page 158.
IPsec Client-to-Site
gateprotect Firewall allows you to provide VPN access to remote clients via IPsec.
IPsec Client-to-Site Overview
Navigate to "VPN > IPsec > Client-to-Site" to display the list of IPsec Client-to-Site
connections that are currently defined on the system in the item list bar.
In the expanded view, the columns of the table display the "Name" of the IPsec Client-
to-Site connection and the name of the IPsec "Profile" selected for this connection. The
"Status" column shows whether the VPN daemon is running on the system. The but-
tons in the last column allow you to view and adjust the settings for an existing IPsec
C2S connection, create a connection based on a copy of an existing IPsec connection
or delete a connection from the system.
For further information, see Chapter 3.2, "Icons and Buttons", on page 21.
IPsec Client-to-Site Settings
Use the "Client-to-Site" settings to provide VPN access to remote client computers via
IPsec.
Under "VPN > IPsec > Client-to-Site", you can add or edit an existing IPsec C2S con-
nection.
The "Client-to-Site" settings allow you to configure the following elements:
Menu Reference
To Next Page
Loading...