User's guide

Chapter 10 IPSec VPN Config Screens
LAN-Cell 2 User’s Guide
Table 77 SECURITY > VPN > VPN Rules (IKE) > Edit Gateway Policy (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Password | Enter the corresponding password for the above user name. The password can be up to 31 case-sensitive ASCII characters, but spaces are not allowed. |
| IKE Proposal | |
| Negotiation Mode | Select Main or Aggressive from the drop-down list box. Multiple SAs connecting through a secure gateway must have the same negotiation mode. |
| Encryption Algorithm | Select which key size and encryption algorithm to use in the IKE SA. Choices are: DES - a 56-bit key with the DES encryption algorithm; 3DES - a 168-bit key with the DES encryption algorithm; AES - a 128-bit key with the AES encryption algorithm. The LAN-Cell and the remote IPSec router must use the same algorithms and keys. Longer keys require more processing power, resulting in increased latency and decreased throughput. |
| Authentication Algorithm | Select which hash algorithm to use to authenticate packet data in the IKE SA. Choices are SHA1 and MD5. SHA1 is generally considered stronger than MD5, but it is also slower. |
| SA Life Time (Seconds) | In this field, define the length of time before an IKE SA automatically renegotiates. It may range from 180 to 3,000,000 seconds (almost 35 days). A short SA Life Time increases security by forcing the two VPN gateways to update the encryption and authentication keys. However, every time the VPN tunnel renegotiates, all users accessing remote resources are temporarily disconnected. |
| Key Group | Select which Diffie-Hellman key group (DHx) you want to use for encryption keys. Choices are: DH1 - use a 768-bit random number; DH2 - use a 1024-bit random number. |
| Enable Multiple Proposals | Select this to allow the LAN-Cell to use any of its phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA. When you enable multiple proposals, the LAN-Cell allows the remote IPSec router to select which phase 1 key groups and encryption and authentication algorithms to use for the IKE SA, even if they are less secure than the ones you configure for the VPN rule. Clear this to have the LAN-Cell use only the configured phase 1 key groups and encryption and authentication algorithms when negotiating an IKE SA. |
| Associated Network Policies | The following table shows the policy(ies) you configure for this rule. To add a VPN policy, click the add network policy icon in the VPN Rules (IKE) screen (see Figure 127 on page 212). Refer to Section 10.2.2 on page 219 for more information. |
| # | This field displays the policy index number. |
| Name | This field displays the policy name. |
| Local Network | This field displays one or a range of IP address(es) of the computer(s) behind the LAN-Cell. |
| Remote Network | This field displays one or a range of IP address(es) of the remote network behind the remote IPsec router. |
| Apply | Click Apply to save your changes back to the LAN-Cell. |
| Cancel | Click Cancel to exit this screen without saving. |
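The Enable Multiple Proposals row means the configured phase 1 algorithms are only a preference once that box is selected. The following added example (not part of the LAN-Cell guide or its firmware) audits one gateway policy against the choices and ranges in this table and reports the weakest set the remote router could select. The dictionary keys, function names and sample policy are assumptions made for illustration.

```python
# Added example: audit phase 1 settings from the Edit Gateway Policy screen.
# Keys and function names are hypothetical; the value lists and the lifetime
# range are the ones given in Table 77.
CHOICES = {  # first entry of each list is the weakest choice on the page
    "encryption": ["DES", "3DES", "AES"],
    "authentication": ["MD5", "SHA1"],
    "key_group": ["DH1", "DH2"],
}
LIFETIME_RANGE = (180, 3_000_000)  # seconds, from the SA Life Time row


def negotiable_floor(policy):
    """Weakest phase 1 set the remote router can end up selecting."""
    if policy["multiple_proposals"]:
        # Remote side may pick any supported value, so assume the weakest.
        return {field: values[0] for field, values in CHOICES.items()}
    return {field: policy[field] for field in CHOICES}


def audit(policy):
    """Return a list of findings for one gateway policy."""
    findings = []
    for field, values in CHOICES.items():
        if policy[field] not in values:
            findings.append(f"{field}: {policy[field]!r} is not a listed choice")
    low, high = LIFETIME_RANGE
    if not low <= policy["sa_lifetime"] <= high:
        findings.append(f"sa_lifetime: {policy['sa_lifetime']} outside {low}-{high}")
    pw = policy["password"]
    if len(pw) > 31 or " " in pw or not pw.isascii():
        findings.append("password: must be up to 31 ASCII characters, no spaces")
    for field, floor in negotiable_floor(policy).items():
        if floor != policy[field]:
            findings.append(f"{field}: configured {policy[field]}, "
                            f"remote router may negotiate {floor}")
    return findings


# Constructed sample policy, not taken from a real device.
SAMPLE = {
    "encryption": "AES", "authentication": "SHA1", "key_group": "DH2",
    "sa_lifetime": 28800, "password": "constructed-secret",
    "multiple_proposals": True,
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

With the sample policy, all three algorithm fields are reported because the remote router may negotiate DES, MD5 and DH1; clearing `multiple_proposals` leaves no findings.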