Installation guide

QuadroM32x/8L/26x/12Li/26xi Manual II: Administrator's Guide Administrator’s Menus
QuadroM32x/8L/26x/12Li/26xi; (SW Version 5.3.x)
The Local ID requires an IP address, the Quadro FQDN (Fully Qualified Domain Name) that resolves to an IP address, or any string prefixed with @ that is
used in the same way.
The Remote ID also requires an IP address, the IPSec Connection partner’s FQDN (Fully Qualified Domain Name) that resolves to an IP address, or
any string prefixed with @ that is used in the same way.
The Local ID and Remote ID text fields may have values in one of the formats presented below:
IP address - example: 10.1.19.32.
Host name - example: vpn.epygi.com. This form requires additional resources to resolve the host name, therefore it is not recommended to use this format.
@FQDN - example: @vpn.epygi.com. This form is treated as a string and is not resolved. It is recommended to use this form for most applications.
user@FQDN - example: quadro@vpn.epygi.com. This form is also treated as a string and is not resolved. It has no advantages over the previous form.
Please Note: The Local ID and Remote ID values are
mandatory for RSA selection and are optional for Shared
Secret selection. However, it is recommended to define the
Local ID and Remote ID values for multiple road-warrior
connections.
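The format rules above can be checked before values are typed into the wizard. The following is an added example, not Epygi code: the function names and the auth labels "rsa" and "shared_secret" are assumptions made for illustration. It classifies a Local ID or Remote ID value, reports whether it would need DNS resolution, and applies the rule that both IDs are mandatory for RSA.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _is_fqdn(name):
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())  # rejects malformed dotted quads

def classify_id(value):
    """Return (form, needs_dns) for a Local ID / Remote ID value."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
        return ("ip", False)
    except ValueError:
        pass
    if value.startswith("@") and len(value) > 1 and not re.search(r"\s", value):
        return ("@string", False)      # treated as a string, never resolved
    user, sep, host = value.partition("@")
    if sep and user and _is_fqdn(host):
        return ("user@fqdn", False)    # also a string, never resolved
    if not sep and _is_fqdn(value):
        return ("hostname", True)      # must be resolved to an IP address
    raise ValueError(f"not a recognised ID format: {value!r}")

def check_connection(auth, local_id, remote_id):
    """Return findings for one connection; an empty list means no remarks.

    auth is "rsa" or "shared_secret" (labels assumed for this example).
    """
    findings = []
    for field, value in (("Local ID", local_id), ("Remote ID", remote_id)):
        if not value:
            if auth == "rsa":
                findings.append(f"{field}: mandatory for RSA")
            continue
        try:
            _, needs_dns = classify_id(value)
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
            continue
        if needs_dns:
            findings.append(f"{field}: host name form needs DNS resolution; use @{value}")
    return findings
```
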
Fig. II-254: IPSec Connection Wizard - Automatic Keying Settings page
PFS (Perfect Forward Secrecy) is a key exchange procedure that uses a long-term key and generates short-term keys as required.
Thus, an attacker who acquires the long-term key can neither read previous messages that they may have captured nor read future ones.
Use IPSec Compression enables IPSec data compression. This option is displayed only if the IPSec-VPN partner supports it.
The fourth page of the IPSec Connection Wizard contains
IPSec Connection Properties, which serve to specify the
members of the IPSec Connection and to set the basic
parameters for encryption.
The Dynamic IP / Road Warrior and Static IP / Remote
Gateway radio buttons select whether the remote Quadro
(or another VPN gateway device) is connected to the
Internet with a dynamic IP address and is acting as a
Road Warrior, or is connected to the Internet with a
fixed IP address and is acting as a VPN Gateway.
If Dynamic IP / Road Warrior is selected, the Remote
Gateway IP Address text field is automatically set to
the value “any” to allow access independent of the
sending IP address.
Selecting Static IP / Remote Gateway requires entering
the IP address or the hostname of the remote Quadro (or
another VPN gateway device) in the Remote Gateway text
field.
Please Note: The Static IP / Remote Gateway selection is
not possible if this Gateway is positioned behind NAT,
since the IP address of the remote gateway is not
reachable directly in this case.
Fig. II-255: IPSec Connection Wizard - IPSec Connection Properties
Quadro <> Remote Gateway allows access from the local Quadro to the remote VPN gateway (local subnet and remote subnet are not included).
This includes management access. The checkbox is disabled when “Quadro<>NAT<>[Internet]<>Peer” or “Quadro<>[Internet]<>NAT<>Peer” is
selected from the VPN Network Topology drop down list on the first page of the IPSec Connection Wizard.
Local Subnet <> Remote Gateway allows access from all stations connected to the local network to the remote VPN gateway device (local Quadro
and remote subnet are not included). The checkbox is disabled when “Quadro<>[Internet]<>NAT<>Peer” is selected from the VPN Network
Topology drop down list on the first page of the IPSec Connection Wizard.
Quadro <> Remote Subnet allows access from the local Quadro to all stations of the remote LAN (local subnet and remote VPN gateway devices
are not included). The checkbox is disabled when “Quadro<>NAT<>[Internet]<>Peer” is selected from the VPN Network Topology drop down list on
the first page of the IPSec Connection Wizard.
Local Subnet <> Remote Subnet allows access from all stations of the local network to all stations of the remote LAN (VPN gateway devices are
not included). In this case, the local and remote subnet IP addresses and subnet masks have to be entered in the corresponding text fields Local
Subnet IP and Remote Subnet IP.
More than one of the above checkboxes may be selected to specify the desired communication relations.