User guide

VPN SETUP
PFS Group: Configures Perfect Forward Secrecy for connections created with this IPSec transport profile by
assigning a Diffie-Hellman prime modulus group. Three groups can be selected: Group 1, Group 2, and
Group 5.
Disable: No PFS group.
Group 1: 768-bit Diffie-Hellman prime modulus group.
Group 2: 1024-bit Diffie-Hellman prime modulus group.
Group 5: 1536-bit Diffie-Hellman prime modulus group.
Aggressive Mode: Enabling this mode speeds up establishment of the VPN tunnel, but reduces the security
of the device. Hosts at both ends of the tunnel must support this mode for the tunnel to be established
properly.
Preshare key: The initial key used by the IKE mechanism of both the VPN gateway and the VPN client host
to negotiate further security keys. The pre-shared key must be the same on both VPN gateways and
clients.
Connection Type: Three options determine when the VPN tunnel is established. You
can choose “Connect-on-Demand”, “Auto Reconnect (always-on)”, or “Manually”.
Remote ID: The Type and the Value set on the local VPN gateway must be the same as the Local ID of the
remote VPN gateway.
Local ID: The Type and the Value of the local VPN gateway must be the same as the Remote ID of the
remote VPN gateway.
Dead Peer Detection: This feature detects whether the remote VPN gateway still exists. Specify the interval
between detections and the timeout value.
XAUTH: With the extended authentication function (XAUTH), the VPN client (or initiator) needs to provide
additional user information to the remote VPN server (or VPN gateway). The VPN server rejects
connection requests from VPN clients with invalid user information, even when the pre-shared key is
correct. This function is suitable for remote mobile VPN clients. You can not only configure a VPN rule with a
pre-shared key for all remote users, but also designate an account / password for specific users that
are permitted to establish a VPN connection with the VPN server.
XAUTH - None: Without Extended Authentication (xAuth).
XAUTH - Server: Select this if the device acts as a VPN server and validates the user information of
VPN clients. You can click the "XAUTH Account" button on the IPSec Setting main page to edit the permitted
user accounts / passwords.
Set IKE Proposal: Check to enable IKE proposals.
Encryption: Five algorithms can be selected: DES, 3DES, AES-128, AES-192, and AES-256.
Authentication: Two algorithms can be selected: SHA1 and MD5.
DH Group: Three groups can be selected: Group 1 (MODP768), Group 2 (MODP1024), and
Group 5 (MODP1536).
Enable: Check to enable the IKE Proposal with this rule.
Set IPSec Proposal: Check to enable IPSec proposals.
Encryption: Five algorithms can be selected: DES, 3DES, AES-128, AES-192, and AES-256. When
the encapsulation protocol is set to AH, you can also choose Null for no encryption.
Authentication: Two algorithms can be selected: SHA1 and MD5. None can also be selected
here for the IPSec proposal.
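
The options above interact, so reviewing one field at a time misses combinations such as Aggressive Mode with a short pre-shared key. The following is an added example, not part of the guide or the vendor's software, that audits a profile built from the page's options; the dictionary field names, the severity ranking, and the 20-character key threshold are assumptions of this example.

```python
# Severity ranking of the page's options is this example's assumption.
BROKEN = {"encryption": {"DES"}, "authentication": {"MD5", "None"},
          "dh_group": {"Group 1"}, "pfs_group": {"Group 1"}}
WEAK = {"encryption": {"3DES"}, "dh_group": {"Group 2"},
        "pfs_group": {"Group 2", "Disable"}}
MIN_PSK_LEN = 20  # assumed threshold, not a value from the guide


def audit_proposal(name, proposal):
    """Return (severity, message) findings for one set of algorithm choices."""
    findings = []
    for field, value in proposal.items():
        if value in BROKEN.get(field, ()):
            findings.append(("high", f"{name}: {field}={value} should not be used"))
        elif value in WEAK.get(field, ()):
            findings.append(("medium", f"{name}: {field}={value} is a weak choice"))
    return findings


def audit_profile(profile):
    """Audit both proposals, then the cross-field cases a per-field lookup misses."""
    findings = []
    for name in ("ike_proposal", "ipsec_proposal"):
        findings += audit_proposal(name, profile.get(name, {}))
    findings += audit_proposal("tunnel", {"pfs_group": profile.get("pfs_group", "Disable")})
    if profile.get("aggressive_mode"):
        findings.append(("medium", "tunnel: aggressive mode reduces security"))
        if len(profile.get("preshare_key", "")) < MIN_PSK_LEN:
            findings.append(("high", "tunnel: short pre-shared key with aggressive mode"))
    if profile.get("ipsec_proposal", {}).get("encryption") == "Null":
        findings.append(("high", "ipsec_proposal: AH with Null leaves traffic unencrypted"))
    return sorted(findings, key=lambda f: f[0] != "high")  # high severity first


# Constructed sample profiles (hypothetical field names).
WEAK_PROFILE = {
    "aggressive_mode": True, "preshare_key": "constructed-key", "pfs_group": "Disable",
    "ike_proposal": {"encryption": "DES", "authentication": "MD5", "dh_group": "Group 1"},
    "ipsec_proposal": {"encryption": "3DES", "authentication": "SHA1"},
}
# Strongest combination among the options the page lists.
HARDENED_PROFILE = {
    "aggressive_mode": False, "preshare_key": "constructed-long-random-value-0001",
    "pfs_group": "Group 5",
    "ike_proposal": {"encryption": "AES-256", "authentication": "SHA1", "dh_group": "Group 5"},
    "ipsec_proposal": {"encryption": "AES-256", "authentication": "SHA1"},
}

if __name__ == "__main__":
    for severity, message in audit_profile(WEAK_PROFILE):
        print(severity, message)
```

The hardened profile returns no findings only because it uses the strongest values this page offers; both gateways must be configured with the same proposal for the tunnel to come up.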
MultiConnect® rCell 500 Series Router User Guide