Installation guide

Quadro Manual II: Administrator's Guide Administrator's Menus
Quadro4x, 4xi, 4xa, 4xia, 4xs, 4xis, Quadro16x, 16xi, 16xa, 16xia, 16xs, 16xis; (SW Version 3.1.x)
Quadro <> Remote Subnet allows access from the local Quadro to all stations of the remote LAN (local subnet and remote VPN gateway devices
are not included). The checkbox is disabled when “Quadro<>NAT<>[Internet]<>Peer” is selected from the VPN Network Topology drop-down list on the
first page of the IPSec Connection Wizard.
Local Subnet <> Remote Subnet allows access from all stations of the local network to all stations of the remote LAN (VPN gateway devices are
not included). In this case the local and remote subnet IP addresses and subnet masks have to be entered in the corresponding text fields Local
Subnet IP and Remote Subnet IP.
More than one of the above checkboxes may be selected to specify the desired communication relations.
The Stop Connection if not successful checkbox stops the IPSec connection attempts if the partner is still unreachable after the timeout
period. If the checkbox is unselected, the system will continue to try to reach the IPSec connection partner.
The right side of the page offers security settings for key exchange, data encryption and authentication:
The area Keying Type offers the choice between automatic and manual keying. To use manual keying, the Static IP / Remote Gateway needs to
be selected.
Auto Keying requires the ESP (Encapsulating Security Payload) and IKE (Internet Key Exchange) settings (in addition to the Diffie-Hellman Group
settings) to be selected for the automatic key exchange. Encryption and Authentication parameters should be defined for each of these
standards, as well as for Manual Keying.
The Encryption drop-down list offers the following standards for selection:
DES (Data Encryption Standard) is a block cipher algorithm with 64-bit blocks and a 56-bit key. This algorithm is considered to be insecure for
sensitive information.
3DES (Triple DES) uses three DES encryptions on a single data block with three different keys to achieve a higher security than is available from a
single DES pass.
AES (Advanced Encryption Standard) is a computer security standard from NIST, which became effective on May 26, 2002 to replace DES. The
cryptography scheme is a symmetric block cipher, which encrypts and decrypts 128-bit blocks of data. The standard key lengths used by AES are
128, 192, and 256 bits.
The area Authentication offers the following parameters to be selected:
SHA (Secure Hash Algorithm) is a strong digest algorithm proposed by the US NIST (National Institute of Standards and Technology) agency as a
standard digest algorithm and is used in the Digital Signature Standard, FIPS number 186 from NIST. SHA is an improved variant of MD4 producing
a 160-bit hash. SHA and MD5 are the message digest algorithms available in IPSec.
SHA1 is an enhanced version of SHA. It works with checksums like MD5 does, but it makes a longer hash.
MD5 (Message Digest) is a hash algorithm that makes a checksum over the messages. The checksum is sent with the data and enables the receiver
to notice whether the data has been altered.
The Diffie-Hellman parameter is used to determine the length of the base prime numbers used during the key exchange process. The cryptographic
strength of any key derived depends, in part, on the strength of the Diffie-Hellman group, which is based upon the prime numbers.
Group 2048 (high) is stronger (more secure) than Group 2 (medium), which is stronger than Group 1 (low). Group 1 provides 768 bits of keying
strength, Group 2 provides 1024 bits, and Group 2048 provides 2048 bits. If mismatched groups are specified on each peer, negotiation fails.
Depending on whether the automatic keying type or the manual one has been selected, the button Next will lead you to the Automatic Keying or
Manual Keying page.
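The following pre-deployment check is an added example, not part of the Quadro software or this guide: it compares the Encryption, Authentication and Diffie-Hellman selections planned for both peers, flags the options the text above rates as weak, and reports mismatches. The field names and sample selections are hypothetical, and applying the mismatch rule to encryption and authentication as well as to groups is an assumption that holds for automatic keying with a single proposal per peer.

```python
# Added example. Field names are hypothetical, not Quadro identifiers.
# Options offered by the wizard, as listed in the guide.
ALLOWED = {
    "encryption": ("DES", "3DES", "AES"),
    "authentication": ("SHA", "SHA1", "MD5"),
    "dh_group": ("Group 1", "Group 2", "Group 2048"),
}
# Selections the guide itself rates as weak, with its stated reason.
WEAK = {
    ("encryption", "DES"): "56-bit key, considered insecure for sensitive information",
    ("dh_group", "Group 1"): "768 bits, rated low",
}


def audit(local, remote):
    """Compare both peers' selections; return (severity, message) findings."""
    findings = []
    for field, allowed in ALLOWED.items():
        a, b = local.get(field), remote.get(field)
        for side, value in (("local", a), ("remote", b)):
            if value not in allowed:
                # Missing or mistyped selection on one side.
                findings.append(("error", f"{field}: {side} value {value!r} is not an offered option"))
            elif (field, value) in WEAK:
                findings.append(("warn", f"{field}: {side} uses {value} ({WEAK[(field, value)]})"))
        if a != b:
            # Both peers must select the same value or negotiation fails.
            findings.append(("error", f"{field}: local={a!r} remote={b!r} differ, negotiation fails"))
    return findings


# Constructed sample selections for two peers.
LOCAL = {"encryption": "AES", "authentication": "SHA1", "dh_group": "Group 2048"}
REMOTE = {"encryption": "DES", "authentication": "SHA1", "dh_group": "Group 1"}

if __name__ == "__main__":
    for severity, message in audit(LOCAL, REMOTE):
        print(f"{severity.upper():5} {message}")
```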