User's Manual

Peplink Balance Series
http://www.peplink.com - Copyright © Peplink
Choose between the Preshared Key and X.509 methods of authentication.
Mode
Choose Main Mode if both IPsec peers use static IP addresses.
Choose Aggressive Mode if one of the IPsec peers uses dynamic IP addresses.
Force UDP Encapsulation
For forced UDP encapsulation regardless of NAT-traversal, tick this checkbox.
Pre-shared Key
This defines the peer authentication pre-shared key used to authenticate this VPN
connection. The connection will be up only if the pre-shared keys on each side match.
Local ID
In Main Mode, this field can be left blank.
In Aggressive Mode, if Remote Gateway IP Address is filled on this end and the peer
end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
Remote ID
In Main Mode, this field can be left blank.
In Aggressive Mode, if Remote Gateway IP Address is filled on this end and the peer
end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
Phase 1 (IKE) Proposal
In Main Mode, this allows setting up to six encryption standards, in descending order of
priority, to be used in initial connection key negotiations.
In Aggressive Mode, only one selection is permitted.
Phase 1 DH Group
This is the Diffie-Hellman group used within IKE. This allows two parties to establish a
shared secret over an insecure communications channel. The larger the group
number, the higher the security.
Group 2 - 1024-bit is the default value.
Group 5 - 1536-bit is the alternative option.
Phase 1 SA Lifetime
This setting specifies the lifetime limit of this Phase 1 Security Association. By default,
it is set at 3600 seconds.
Phase 2 (ESP) Proposal
In Main Mode, this allows setting up to six encryption standards, in descending order of
priority, to be used for the IP data that is being transferred.
In Aggressive Mode, only one selection is permitted.
Phase 2 PFS Group
Perfect forward secrecy (PFS) ensures that if a key is compromised, the attacker will
be able to access only the data protected by that key.
None - Do not request PFS when initiating a connection. However, since there is no
valid reason to refuse PFS, the system will allow the connection to use PFS if
requested by the remote peer. This is the default value.
Group 2 - 1024-bit Diffie-Hellman group. The larger the group number, the higher the
security.
Group 5 - 1536-bit is the third option.
Phase 2 SA Lifetime
This setting specifies the lifetime limit of this Phase 2 Security Association. By default,
it is set at 28800 seconds.
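
As an added example (not Peplink code and not a Peplink export format), the script below checks a planned pair of IPsec profiles against the rules in the table above: mode versus static addressing, the proposal limit per mode, the ID fields in Aggressive Mode, matching pre-shared keys, and the default DH and PFS choices. The dictionary keys, proposal labels and sample values are hypothetical and constructed for illustration.

```python
# Added example; dictionary keys are hypothetical, not a Peplink export format.
DEFAULTS = {"dh_group": 2, "pfs_group": None, "p1_lifetime": 3600, "p2_lifetime": 28800}

def check_profile(name, profile, peer):
    """Return (errors, warnings) for one end of the tunnel, given the peer's plan."""
    p = {**DEFAULTS, **profile}
    errors, warnings = [], []
    both_static = p["static_ip"] and peer["static_ip"]
    if p["mode"] == "main" and not both_static:
        errors.append(f"{name}: Main Mode requires static IPs on both peers")
    if p["mode"] == "aggressive" and both_static:
        warnings.append(f"{name}: both peers are static, so Main Mode applies")
    # Main Mode: up to six proposals per phase; Aggressive Mode: only one.
    limit = 6 if p["mode"] == "main" else 1
    for phase in ("p1_proposals", "p2_proposals"):
        if not 1 <= len(p[phase]) <= limit:
            errors.append(f"{name}: {phase} has {len(p[phase])} entries, limit is {limit}")
    # Aggressive Mode IDs may be blank only if both ends fill Remote Gateway IP Address.
    if p["mode"] == "aggressive":
        if not (p.get("remote_gateway_ip") and peer.get("remote_gateway_ip")):
            for field in ("local_id", "remote_id"):
                if not p.get(field):
                    errors.append(f"{name}: {field} is blank (typically a U-FQDN)")
    if p["psk"] != peer["psk"]:
        errors.append(f"{name}: pre-shared key differs from peer")
    if p["dh_group"] not in (2, 5) or p["pfs_group"] not in (None, 2, 5):
        errors.append(f"{name}: DH/PFS group must be 2 or 5 (PFS may be None)")
    if p["dh_group"] == 2:
        warnings.append(f"{name}: Phase 1 DH Group 2 (1024-bit); Group 5 is stronger")
    if p["pfs_group"] is None:
        warnings.append(f"{name}: PFS not requested for Phase 2")
    return errors, warnings

# Constructed sample: HQ has a static address, the branch is on a dynamic one.
HQ = {"static_ip": True, "mode": "aggressive", "psk": "constructed-sample-key",
      "remote_gateway_ip": "", "local_id": "hq@example.com", "remote_id": "",
      "p1_proposals": ["proposal-A"], "p2_proposals": ["proposal-A"],
      "dh_group": 5, "pfs_group": 5}
BRANCH = {"static_ip": False, "mode": "aggressive", "psk": "constructed-sample-key",
          "remote_gateway_ip": "198.51.100.10", "local_id": "branch@example.com",
          "remote_id": "hq@example.com",
          "p1_proposals": ["proposal-A", "proposal-B"],  # two entries: over the limit
          "p2_proposals": ["proposal-A"]}                # DH/PFS left at defaults

if __name__ == "__main__":
    for name, mine, theirs in (("hq", HQ, BRANCH), ("branch", BRANCH, HQ)):
        errs, warns = check_profile(name, mine, theirs)
        print(name, "errors:", errs, "warnings:", warns)
```

Errors are settings that contradict the table; warnings mark the weaker defaults (DH Group 2, PFS None) that the table lets you raise.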