User's manual
Content Security Gateway User’s Manual
Step 2: Configure the parameters.
Name: Specify a name for the VPN rule.
From Source: Select from LAN or DMZ to build up the VPN tunnel.
To Destination:
Remote Gateway – Fixed IP: Specify the fixed IP address or domain name of the remote side VPN gateway.
– Subnet / Mask: Specify the LAN IP subnet and mask of the remote side VPN gateway.
Remote Gateway – Dynamic IP: Select Dynamic IP if the remote side VPN gateway cannot provide a fixed IP address or domain name to be configured.
– Subnet / Mask: Specify the LAN IP subnet and mask of the remote side VPN gateway.
Remote Client – Fixed IP or Dynamic IP: Select Remote Client if there is only one user, who dials up to the Internet with PPPoE or a cable modem.
Preshare Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long.
Encapsulation
ISAKMP Algorithm
ENC Algorithm: ESP Encryption Algorithm. ESP (Encapsulating Security Payload) provides security for the payload (data) sent through the VPN tunnel. Generally, you will want to enable both Encryption and Authentication. The available encryption algorithms are 56-bit DES-CBC, 168-bit 3DES-CBC, AES 128-bit, AES 192-bit and AES 256-bit. The default algorithm is 56-bit DES-CBC.
AUTH Method: Authentication Method. Selects the MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication algorithm. In general, SHA-1 is more secure than MD5. The default algorithm is MD5.
Group: Selects Group 1 (768-bit modulus), Group 2 (1024-bit modulus) or Group 5 (1536-bit modulus). The larger the modulus, the more secure the generated key is. However, the larger the modulus, the longer the key generation process takes. Both sides of the VPN tunnel must agree to use the same group. The default is Group 1.
IPSec Algorithm: Select Data Encryption + Authentication or Authentication Only.
Data Encryption + Authentication
Encryption Algorithm: Selects the 56-bit DES-CBC, 168-bit 3DES-CBC, AES or NULL encryption algorithm. The default algorithm is 56-bit DES-CBC.
Authentication Algorithm: Selects the MD5 (128-bit hash) or SHA-1 (160-bit hash) authentication algorithm. In general, SHA-1 is more secure than MD5. The default algorithm is MD5.
Authentication Only: When this function is selected, the IPSec Algorithm will only be authenticated with the preshare key.
Perfect Forward Secrecy
IPSec Lifetime: New keys will be generated whenever the lifetime of the old keys is exceeded.
The Administrator may enable this feature if needed and enter the lifetime in seconds to re-key.
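
An added example, not part of the manual or the vendor's software: a short Python audit that compares a VPN rule's algorithm choices with the options listed above, reports every setting left below the strongest listed option, and checks that both ends use the same group. The dict field names and the fall-back to the documented defaults for unset fields are assumptions; only the Data Encryption + Authentication mode is covered.

```python
# Added example. Field names and the dict layout are hypothetical,
# not a format exported by the device.

# Options per setting, ordered weakest -> strongest, taken from the manual's lists.
STRENGTH = {
    "isakmp_enc": ["DES", "3DES", "AES-128", "AES-192", "AES-256"],
    "isakmp_auth": ["MD5", "SHA-1"],
    "dh_group": [1, 2, 5],
    "ipsec_enc": ["NULL", "DES", "3DES", "AES"],
    "ipsec_auth": ["MD5", "SHA-1"],
}
# Defaults as stated in the manual.
DEFAULTS = {"isakmp_enc": "DES", "isakmp_auth": "MD5", "dh_group": 1,
            "ipsec_enc": "DES", "ipsec_auth": "MD5"}


def audit_rule(rule):
    """Return (field, current, strongest_listed) for each setting that is not
    at the strongest option the manual lists. Unset fields are assumed to
    hold the documented default."""
    findings = []
    for field, ordered in STRENGTH.items():
        value = rule.get(field, DEFAULTS[field])
        if value not in ordered:
            raise ValueError(f"{field}: {value!r} is not an option in the manual")
        if value != ordered[-1]:
            findings.append((field, value, ordered[-1]))
    return findings


def group_mismatch(local, remote):
    """Both ends must use the same group; return the differing pair or None."""
    a = local.get("dh_group", DEFAULTS["dh_group"])
    b = remote.get("dh_group", DEFAULTS["dh_group"])
    return None if a == b else (a, b)


# Constructed sample rules.
UNTOUCHED = {"name": "branch-vpn"}  # every default left in place
HARDENED = {"name": "hq-vpn", "isakmp_enc": "AES-256", "isakmp_auth": "SHA-1",
            "dh_group": 5, "ipsec_enc": "AES", "ipsec_auth": "SHA-1"}

if __name__ == "__main__":
    for rule in (UNTOUCHED, HARDENED):
        print(rule["name"], audit_rule(rule) or "strongest listed options in use")
    print("group mismatch:", group_mismatch(UNTOUCHED, HARDENED))
```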