Owner's manual

Protocol: ESP is the de facto VPN transport protocol. We suggest leaving this as is.
Note: The system should auto-generate a firewall rule for you to allow ESP or AH
to the endpoint of the VPN. We will check this later. If it does not, you will need to
make a firewall rule allowing ESP (or AH if you changed this) traffic to the interface
you established as the endpoint of the tunnel. We will outline that later.
Encryption algorithms: As in phase 1, make sure you set the
algorithm exactly as it is set on the other VPN server. You can select several, and
when you do, everything you select is available for use. We recommend keeping
things simple, so check only the one you are going to use.
Hash algorithms: Just as in phase 1, make sure your selected hash matches
on both ends. And as in step 2, don't add things you don't need. SHA1 is the
suggestion if you can, but MD5 is always a good alternative.
PFS key group: This works exactly like it does in phase 1. We suggest using 1024
bit; the default is off.
Lifetime: This is the lifetime for which the negotiated keys will be valid. Do not set
this too high. We suggest one day (86,400 seconds). A value larger than this will be less secure.
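
The matching rules above, as an added example (not part of the manual or the Cortexa software): a simplified Python model that compares the phase 2 settings of two tunnel ends and reports what would keep them from agreeing. The field names and both sample configurations are constructed, and the check does not reproduce the device's actual negotiation.

```python
# Simplified phase 2 comparison; illustrative only, not the device's own logic.
# Field names and the sample values below are constructed for this example.
MAX_LIFETIME = 86400  # one day in seconds, the value the manual suggests


def check_phase2(local, remote):
    """Return (agreed, problems, warnings) for two phase 2 configurations."""
    agreed, problems, warnings = {}, [], []

    # Protocol and PFS key group are single values that must be identical.
    for key in ("protocol", "pfs_group"):
        if local[key] == remote[key]:
            agreed[key] = local[key]
        else:
            problems.append(f"{key}: {local[key]!r} vs {remote[key]!r}")

    # Encryption and hash are multi-select: any entry checked on both ends
    # is available for use, so one common entry is enough.
    for key in ("encryption", "hash"):
        common = [alg for alg in local[key] if alg in remote[key]]
        if common:
            agreed[key] = common
        else:
            problems.append(f"{key}: no algorithm selected on both ends")

    # Flag lifetimes above the suggested one-day value.
    for name, cfg in (("local", local), ("remote", remote)):
        if cfg["lifetime"] > MAX_LIFETIME:
            warnings.append(
                f"{name} lifetime {cfg['lifetime']} exceeds {MAX_LIFETIME}")
    return agreed, problems, warnings


# Constructed sample configurations for the two ends of a tunnel.
LOCAL = {"protocol": "ESP", "encryption": ["3DES"], "hash": ["SHA1"],
         "pfs_group": "1024 bit", "lifetime": 86400}
REMOTE = {"protocol": "ESP", "encryption": ["AES", "3DES"], "hash": ["MD5"],
          "pfs_group": "off", "lifetime": 604800}

if __name__ == "__main__":
    agreed, problems, warnings = check_phase2(LOCAL, REMOTE)
    print("agreed:  ", agreed)
    print("problems:", problems)
    print("warnings:", warnings)
```
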
PPTP
PPTP (Point-to-Point Tunneling Protocol): A protocol that allows the Point-to-Point Protocol
(PPP) to be tunneled through an IP network. PPTP does not specify any changes to the PPP
protocol, but rather describes a “tunneling service” for carrying PPP (a tunneling service
is any network service enabled by tunneling protocols such as PPTP, L2F, L2TP, and IPSEC
tunnel mode). One example of a tunneling service is secure access from a remote small
office network to a headquarters corporate intranet via a Virtual Private Network (VPN)
that traverses the Internet. However, tunneling services are not restricted to corporate
environments and may also be used for personal (i.e., non-business) applications.
If you have your own internal PPTP server, you may redirect PPTP requests to your
internal PPTP server.
Cortexa 7202 Configuration Utility