User`s guide
190
This parameter can be used to override the private key filename in the IKE configuration.
It is only used when RSA Signatures (Certificates) are being used for the authentication
stage of the IKE negotiation.
Use enc encryption on this tunnel
The ESP encryption protocol to use with this IPsec tunnel. The options are:
• No (None)
• Null
• DES
• 3DES
• AES (128 bit keys)
• AES (192 bit keys)
• AES (256 bit keys)
If the dropdown options only display None and Null, the router will need Encryption
enabling. Please speak to your sales contact with regards to getting Encryption enabled.
Use auth authentication on this tunnel
The ESP authentication algorithm to use with this IPsec tunnel. The options are:
• No (None)
• MD5
• SHA1
Use Diffie Hellman group
The Diffie Hellman (DH) group to use when negotiating new IPsec SAs. When used, the
IPsec SA keys cannot be predicted from any of the previous keys generated. The options
are “No PFS”, 1, 2 or 3. The larger values result in “stronger” keys but they take longer to
generate.
Use IKE n to negotiate this tunnel
The IKE version to use to negotiate this IPsec tunnel.
Use IKE configuration
The IKE configuration instance to use with this Eroute when the router is configured as an
Initiator.
Bring this tunnel up
This controls how the IPsec tunnel is brought up. The options are:
• All the time
• Whenever a route to the destination is available
• On demand
If the tunnel is down and a packet is ready to be sent
Defines the action that is performed when the IPsec tunnel is down and a packet needs to
be sent. The options are:
• Bring the tunnel up
• Drop the packet
• Send the packet without encryption and authentication