User guide

ManualsBrandsVelocity ManualsComputer equipmentEdge GX440

121

122

123

124

125

126

127

128

129

130

ALEOS 4.3.4 Software Configuration User Guide

128 4114514

GRE

The AirLink Device can act as a Generic Routing Encapsulation (GRE) endpoint,

providing a means to encapsulate a wide variety of network layer packets inside

IP tunneling packets. With this feature you can reconfigure IP architectures

without worrying about connectivity. GRE creates a point-to-point link between

routers on an IP network.

IKE DPD Interval

(seconds)

Use this field to set the DPD interval (in seconds). If there has been no traffic for the period

of time set in this field, the AirLink device retries checking with the server, as described in

IKE DPD.

Options are: 0 to 3600 (default is 1200)

If this field is set to 0, DPD monitoring is turned off (or disabled as described in the IKE

DPD section), but the AirLink device still responds to DPD requests from the server.

Local Address Type The network information of the device. Options are: Use the Host Subnet, Single Address,

and Subnet Address (default)

Local Address Device subnet address

Local Address -

Netmask

Device subnet mask information; 24-bit netmask

Default: 255.255.255.0

Remote Address Type The network information of the IPsec server behind the IPsec gateway.

Options are: Subnet Address (default) and Single Address

Remote Address The IP address of the device behind the gateway

Remote Address -

Netmask

Remote subnet mask information. 24-bit netmask

Default: 255.255.255.0

Perfect Forward

Secrecy

Provides additional security through a DH shared secret value. When this feature is

enabled, one key cannot be derived from another. This ensures previous and subsequent

encryption keys are secure even if one key is compromised. Options are: Yes (default) or

No.

IPsec Encryption

Algorithm

Determines the type and length of encryption key used to encrypt/decrypt ESP

(Encapsulating Security Payload) packets. 3DES supports 168-bit encryption. AES

(Advanced Encryption Standard) supports both 128-bit and 256-bit encryption.

Options are: None, DES, 3DES, AES-128 (default), and AES-256.

IPsec Authentication

Algorithm

Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a 128-bit digest

for authentication. SHA is a more secure algorithm that produces both 160-bit (SHA1) and

256-bit (SHA256) digests.

Options are: None, MD5, SHA1 (default), and SHA 256.

IPsec Key Group Determines how the AirLink Device VPN creates an SA with the VPN server. The DH

(Diffie-Hellman) key exchange protocol establishes pre-shared keys during the phase 1

authentication. The AirLink Device supports three prime key lengths, including Group 1

(768 bits), Group 2 (1,024 bits), and Group 5 (1,536 bits). Options are: None, DH1, DH2

(default), or DH5.

IPsec SA Life Time Determines how long the VPN tunnel is active in seconds

Options are: 180 to 86400; Default: 7200

Field Description