Installation guide
Quadro Manual II: Administrator's Guide Administrator's Menus
Quadro4x, 4xi, 4xa, 4xia, 4xs, 4xis, Quadro16x, 16xi, 16xa, 16xia, 16xs, 16xis; (SW Version 3.1.x) 84
The third page of the IPSec Connection wizard, Automatic
Keying, is used to set up either a type of password (Shared
Secret) or the RSA public key to secure your IPSec
Connection. Perfect Forward Secrecy (PFS) can be added to
either method.
Shared Secret is a type of password consisting of any
characters that both of the IPSec Connection partners must
know. The authentication will be done with this shared
secret. All encryption functions below will remain
concealed.
RSA requires the public RSA key of your IPSec Connection
partner.
The Local ID requires an IP address, Quadro FQDN (Fully
Qualified Domain Name) that is resolved to an IP address,
or any @-ed string that is used in the same way.
Remote ID also requires an IP address, the IPSec
Connection partner’s FQDN (Fully Qualified Domain Name)
that is resolved to an IP address, or any @-ed string that is
used in the same way.
PFS (Perfect Forward Secrecy) is a key exchange procedure
that uses a long-term key and generates short-term keys
as required. Thus an attacker who
acquires the long-term key can neither read previous
messages that she may have captured nor read future
ones.
Use IPSec Compression enables IPSec data
compression. This option is displayed only if the IPSec-VPN
partner supports it.
Fig. II-132: IPSec Connection Wizard - Automatic Keying Settings page
The Manual Keying page offers the following components:
Depending on the selected encryption and authentication
services of the prior page (IPSec Connection Properties)
you will get some of the following text fields:
• DES Encryption Key
• 3DES Encryption Key
• SHA1 Authentication Key
• MD5 Authentication Key
Manual keys must be entered in the hexadecimal format,
otherwise the “Incorrect Encryption Key” error appears.
The SPIs (Security Parameter Indexes) are indices that keep
the IPSec Connection tunnels distinct. A security
association (SA) is defined by destination, protocol and
SPI. Without the SPI, connections to the same gateway
using the same protocol cannot be distinguished.
Fig. II-133: IPSec Connection Wizard - Manual Keying Settings page
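The following is an added example, not part of the Quadro manual or its software: a pre-entry check for the Manual Keying values described above, which verifies that each key is hexadecimal and of the right length and that no two tunnels share the same destination, protocol and SPI. Assumptions: keys are bare hex digits without a prefix, key sizes and the reserved SPI range come from the IPsec RFCs rather than from the manual, and the function names and sample values are constructed for illustration.

```python
import string

# Key sizes in bits from RFC 2405/2451/2403/2404 (assumption: not stated in the manual).
KEY_BITS = {"DES": 64, "3DES": 192, "MD5": 128, "SHA1": 160}
PARITY_MASK = 0xFEFEFEFEFEFEFEFE  # DES ignores the low bit of every key byte


def check_manual_key(algorithm, key_hex):
    """Return a list of problems with one manual key; an empty list means none found."""
    if not key_hex or any(c not in string.hexdigits for c in key_hex):
        return ["not hexadecimal"]
    problems = []
    expected = KEY_BITS[algorithm] // 4  # hex digits required
    if len(key_hex) != expected:
        problems.append(f"{algorithm} needs {expected} hex digits, got {len(key_hex)}")
    elif algorithm == "3DES":
        k1, k2, k3 = (int(key_hex[i:i + 16], 16) & PARITY_MASK for i in (0, 16, 32))
        if k1 == k2 or k2 == k3:
            problems.append("3DES subkeys repeat, so the cipher collapses to single DES")
    if len(set(key_hex.lower())) == 1:
        problems.append("key is one repeated digit")
    return problems


def find_sa_problems(tunnels):
    """tunnels: (name, destination, protocol, spi) tuples. Returns (name, problem) pairs."""
    seen, found = {}, []
    for name, dest, proto, spi in tunnels:
        if not 256 <= spi <= 0xFFFFFFFF:  # 0..255 are reserved (RFC 4303)
            found.append((name, "SPI outside 256..0xFFFFFFFF"))
        triple = (dest, proto.upper(), spi)
        if triple in seen:
            found.append((name, f"same destination/protocol/SPI as {seen[triple]}"))
        seen.setdefault(triple, name)
    return found


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    print(check_manual_key("3DES", "0123456789abcdef" * 2 + "fedcba9876543210"))
    print(check_manual_key("MD5", "secret"))
    print(find_sa_problems([
        ("office-a", "192.0.2.10", "esp", 0x1000),
        ("office-b", "192.0.2.10", "ESP", 0x1000),
        ("office-c", "198.51.100.7", "esp", 0x1000),
    ]))
```

The 3DES comparison masks the DES parity bits, so two subkeys that differ only in those bits are still reported as repeated.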