User guide

ManualsBrandsVelocity ManualsComputer equipmentEdge GX440

VPN Configuration

Rev 2.3 Feb.12 73

My Identity Type Options:

• IP (default) - The My Identity - IP field displays with the WAN IP address assigned by

the carrier

• FQDN - The My Identity - FQDN field displays. Enter a fully qualified domain name

(FQDN) e. g., modemname.domainname.com

• User FQDN - The My Identity - FQDN field displays. Enter a User FQDN whose

values should include a username (E.g., user@domain.com).

My Identity - FQDN or

My Identity - IP

My Identity - FQDN displays only when User FQDN or FQDN is selected from the My

Identity Type drop-down menu. Enter an FQDN or User FDQN.

My Identity - IP displays only when IP is selected from the My Identity Type drop-down

menu. The WAN IP address assigned by the carrier displays.

Peer Identity Type Required in some configurations to identify the client or peer side of a VPN connection.

Options:

• IP (default) - The Peer Identity - IP field displays with the IP address of a VPN server

set up by Sierra Wireless for your testing purposes

• FQDN - The Peer Identity - FQDN field displays. Enter an FQDN

(E. g., modemname.domainname.com)

• User FQDN - The Peer Identity - FQDN field displays. Enter a User FQDN whose

values should include a username (E.g., user@domain.com).

Peer Identity - IP or

Peer Identity - FQDN

Peer Identity - FQDN displays only when User FQDN or FQDN is selected from the Peer

Identity Type drop-down menu. Enter the Peer FQDN or Peer User FQDN.

Peer Identity - IP displays only when IP is selected from the Peer Identity Type drop-down

menu. The VPN Gateway IP Address displays.

Negotiation Mode Enable this configuration to operate the onboard VPN under Aggressive mode. Aggressive

mode offers increased performance at the expense of security.

Options: Main Mode or Aggressive Mode. Default: Main Mode.

IKE Encryption

Algorithm

Determines the type and length of encryption key used to encrypt/decrypt ESP

(Encapsulating Security Payload) packets. 3DES supports 168-bit encryption. AES

(Advanced Encryption Standard) supports both 128-bit and 256-bit encryption.

Options: DES, Blowfish, 3DES, Cast 128, AES-128, and AES-256. Default: AES-128.

IKE Authentication

Algorithm

MD5 is an algorithm that produces a 128-bit digest for authentication. SHA1 is a more

secure algorithm that produces a 160-bit digest.

Options: MD5, SHA1, and SHA256. Default: SHA1.

IKE Key Group Options: DH1, DH2, or DH5. Default: DH2

IKE SA Life Time Determines how long the VPN tunnel is active in seconds.

Options: 180 to 86400. Default: 7200.

Local Address Type The network information of the device. Options: Use the Host Subnet, Single Address, and

Subnet Address. Default: Subnet Address.

Local Address Device subnet address.

Local Address -

Netmask

Device subnet mask information. 24-bit netmask.

Default: 255.255.255.0

Remote Address Type The network information of the IPsec server behind the IPsec gateway.

Options: Subnet Address and Single Address. Default: Subnet Address.

Remote Address The IP address of the device behind the gateway.

Field Description