User's Manual
SMCD3GNV4 and SMCD3GNV4E Wireless EMTA Gateway Administrator Manual
Table 29. Add Service Page Options
Option Description
IP Sec Tunnel Name Enter a unique name for the IPSec tunnel you are creating.
#Local Setting
Local WAN Address Enter the WAN IP address of the local host.
Local Host IP Enter the IP address of the local host.
Local Host Netmask Enter the netmask of the local host.
#Remote Gateway
Remote WAN Address Enter the WAN IP address of the remote gateway at the other end of the VPN tunnel.
Remote Host Address Enter the IP address of the remote host at the other end of the VPN tunnel.
Remote Host Netmask Enter the netmask of the remote host at the other end of the VPN tunnel.
#Key Management
IKE Negotiation Mode Select the IKE operating mode. Choices are:
• Main = creates an encrypted channel before exchanging the identities.
• Aggressive = quicker than Main Mode, exchanges endpoint IDs in “clear text”, while performing
Diffie-Hellman (DH) exchange and establishing the secure channel. Aggressive Mode is less secure than
Main Mode.
IKE DH Group Select the DH group that will produce the shared secret value. The strength of the technique is that it allows
participants to create the secret value over an unsecured medium without passing the secret value over the
wire. You can select from three DH groups. The size of the prime modulus used in each group's calculation
differs as follows:
• Group 2 = D-H Group 2 algorithm is used for the Diffie-Hellman Key Exchange. DH Group 2 uses a 1024-bit
prime modulus.
• Group 5 = D-H Group 5 algorithm is used for the Diffie-Hellman Key Exchange. DH Group 5 uses a 1536-bit
prime modulus.
• Group 6 = D-H Group 6 algorithm is used for the Diffie-Hellman Key Exchange. DH Group 6 offers the
highest key size and the highest level of security.
IKE Pre-shared Key Enter a “pass code”. The pass code must be the same at both the local and the remote side. Both ends of the
tunnel must use the same key; otherwise, the VPN tunnel cannot be established.
IKE Hash Checks that the data has not changed in transmission. Both ends of the tunnel must use the same setting;
otherwise, the VPN tunnel cannot be established. Choices are:
• md5 = faster than SHA, but less secure.
• SHA1 = a one-way hashing algorithm that produces a 160-bit digest. SHA is more secure than MD5.
IKE Encryption Encryption algorithm used during the Authentication phase. Choices are:
• 3des = Triple DES is a strong symmetric encryption algorithm that is compliant with the OpenPGP standard.
It applies the DES standard with three keys used in succession to provide additional
security.
• aes = Advanced Encryption Standard offers the highest standard of security. The effective key lengths that
can be used with AES are 128, 192, and 256 bits. The longer the key, the stronger the encryption, but the
trade-off is lower throughput. More secure than 3DES.
Both ends of the tunnel must use the same setting; otherwise, the VPN tunnel cannot be established.
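The following Python check is an added example, not part of the manual or the gateway's software: it compares the settings entered on the two ends of a tunnel, reporting options that the table says must match and choices it ranks as weaker. The field names are hypothetical, modelled on the option labels above, and the sample settings are constructed.

```python
# Added example. Field names are hypothetical, modelled on the table's labels.
MUST_MATCH = ("ike_psk", "ike_hash", "ike_encryption")  # stated: same on both ends
# (this end's field, the other end's field it has to equal)
MIRRORED = (("local_wan", "remote_wan"),
            ("local_host_ip", "remote_host_ip"),
            ("local_host_netmask", "remote_host_netmask"))
# Choices the table ranks below an alternative, with the table's reason.
WEAKER = {
    ("ike_mode", "aggressive"): "endpoint IDs sent in clear text; Main is more secure",
    ("ike_hash", "md5"): "less secure than SHA1",
    ("ike_encryption", "3des"): "AES is more secure than 3DES",
    ("dh_group", "2"): "1024-bit modulus, smallest of the three groups",
}

def audit(a, b):
    """Compare tunnel ends a and b; return a list of finding strings."""
    findings = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Report the option name only, never the pre-shared key itself.
            findings.append(f"MISMATCH {key}: tunnel cannot be established")
    for mine, theirs in MIRRORED:
        for end, other, name in ((a, b, "A"), (b, a, "B")):
            if end[mine] != other[theirs]:
                findings.append(f"MISMATCH {name}.{mine} vs other end's {theirs}")
    for end, name in ((a, "A"), (b, "B")):
        for (key, value), reason in WEAKER.items():
            if str(end[key]).lower() == value:
                findings.append(f"WEAK {name}.{key}={value}: {reason}")
    return findings

# Constructed sample settings (documentation address ranges, made-up key).
SITE_A = {"local_wan": "198.51.100.10", "local_host_ip": "192.168.1.0",
          "local_host_netmask": "255.255.255.0", "remote_wan": "203.0.113.20",
          "remote_host_ip": "192.168.2.0", "remote_host_netmask": "255.255.255.0",
          "ike_mode": "Aggressive", "dh_group": 2, "ike_psk": "constructed-example-key",
          "ike_hash": "md5", "ike_encryption": "aes"}
SITE_B = {"local_wan": "203.0.113.20", "local_host_ip": "192.168.2.0",
          "local_host_netmask": "255.255.255.0", "remote_wan": "198.51.100.10",
          "remote_host_ip": "192.168.1.0", "remote_host_netmask": "255.255.0.0",
          "ike_mode": "Main", "dh_group": 5, "ike_psk": "constructed-example-key",
          "ike_hash": "SHA1", "ike_encryption": "aes"}

if __name__ == "__main__":
    for line in audit(SITE_A, SITE_B):
        print(line)
```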
#IP Sec