User guide
VPN Configuration
Rev 1 Oct.13 127
My Identity - IP or My Identity - FQDN
• My Identity - IP appears only when IP is selected from the My Identity Type drop-down menu. The WAN IP address assigned by the carrier appears.
• My Identity - FQDN appears only when User FQDN or FQDN is selected from the My Identity Type drop-down menu. Enter an FQDN or User FQDN.
Note: If you are using an FQDN for your device (My Identity), either:
• Set up a Dynamic DNS on the Services > Dynamic DNS tab (see Dynamic DNS on page 151), or
• Use a DNS server as your domain host.
Peer Identity Type
Required in some configurations to identify the client or peer side of a VPN connection.
Options are:
• IP (default) — The Peer Identity - IP field appears with the IP address of a VPN server set up by Sierra Wireless for your testing purposes.
• FQDN — The Peer Identity - FQDN field appears. Enter an FQDN (e.g., modemname.domainname.com).
• User FQDN — The Peer Identity - FQDN field appears. Enter a User FQDN whose values should include a username (e.g., user@domain.com).
Peer Identity - IP or Peer Identity - FQDN
• Peer Identity - IP appears only when IP is selected from the Peer Identity Type drop-down menu. The VPN Gateway IP Address appears.
• Peer Identity - FQDN appears only when User FQDN or FQDN is selected from the Peer Identity Type drop-down menu. Enter the Peer FQDN or Peer User FQDN.
Negotiation Mode
Select Aggressive to operate the onboard VPN in Aggressive mode. Aggressive mode offers increased performance at the expense of security.
Options are:
• Main (default)
• Aggressive
IKE Encryption Algorithm
Determines the type and length of encryption key used to encrypt/decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption. AES (Advanced Encryption Standard) supports both 128-bit and 256-bit encryption.
Options are: DES, 3DES, AES-128 (default), and AES-256
IKE Authentication Algorithm
MD5 is an algorithm that produces a 128-bit digest for authentication. SHA is a more secure algorithm that produces both 160-bit (SHA1) and 256-bit (SHA256) digests.
Options are: MD5, SHA1 (default), and SHA256
IKE Key Group
Options are: DH1, DH2 (default), or DH5
IKE SA Life Time
Determines how long the VPN tunnel is active, in seconds.
Options are: 180 to 86400; Default: 7200
IKE DPD
Enable (or disable) Dead Peer Detection (DPD).
When DPD is enabled, the AirLink device checks the server if there has been no traffic for a configured interval. If it does not receive an acknowledgment, it retries at 5-second intervals. If there is no acknowledgment after 5 retries, the status of the VPN is set to Not Connected and the device attempts to renegotiate IPsec security parameters with its peer.
Default is Disabled.
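Added example (not part of the original guide and not Sierra Wireless code): a small Python check that validates a set of IKE settings against the options listed above and flags the weaker choices before they are entered on the device. The dictionary keys, the function name audit_ike and the list of values treated as weak are assumptions made for this illustration.

```python
# Added example: option names come from this page; the dict layout and
# function name are hypothetical, not an AirLink API.
ALLOWED = {
    "negotiation_mode": ["Main", "Aggressive"],
    "ike_encryption": ["DES", "3DES", "AES-128", "AES-256"],
    "ike_authentication": ["MD5", "SHA1", "SHA256"],
    "ike_key_group": ["DH1", "DH2", "DH5"],
}
# Assumption (reviewer's judgement, not vendor guidance): values to avoid.
WEAK = {
    "negotiation_mode": {"Aggressive": "trades security for performance"},
    "ike_encryption": {"DES": "56-bit key"},
    "ike_authentication": {"MD5": "128-bit digest", "SHA1": "160-bit digest"},
    "ike_key_group": {"DH1": "768-bit group", "DH2": "1024-bit group"},
}
STRONGEST = {"negotiation_mode": "Main", "ike_encryption": "AES-256",
             "ike_authentication": "SHA256", "ike_key_group": "DH5"}

def audit_ike(cfg):
    """Return (errors, warnings) for one dict of IKE settings."""
    errors, warnings = [], []
    for field, allowed in ALLOWED.items():
        value = cfg.get(field)
        if value not in allowed:
            errors.append(f"{field}: {value!r} is not one of {allowed}")
        elif value in WEAK[field]:
            warnings.append(f"{field}: {value} ({WEAK[field][value]}); "
                            f"strongest listed option is {STRONGEST[field]}")
    life = cfg.get("ike_sa_life_time")
    if not isinstance(life, int) or not 180 <= life <= 86400:
        errors.append(f"ike_sa_life_time: {life!r} is outside 180 to 86400")
    if not cfg.get("ike_dpd", False):
        warnings.append("ike_dpd: disabled, so a dead peer is not probed")
    return errors, warnings

# Constructed inputs: the defaults listed above, and a hardened variant.
DEFAULTS = {"negotiation_mode": "Main", "ike_encryption": "AES-128",
            "ike_authentication": "SHA1", "ike_key_group": "DH2",
            "ike_sa_life_time": 7200, "ike_dpd": False}
HARDENED = dict(DEFAULTS, ike_encryption="AES-256", ike_authentication="SHA256",
                ike_key_group="DH5", ike_dpd=True)

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        errors, warnings = audit_ike(cfg)
        print(name, "errors:", errors)
        for w in warnings:
            print("  warning:", w)
```

Both ends of the tunnel must be configured with the same IKE algorithms and key group, so any change suggested by the check has to be mirrored on the peer gateway.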