User guide

ALEOS 4.2.3 User Guide

74 20080616

GRE

The AirLink Device can act as a Generic Routing Encapsulation (GRE) endpoint,

providing a means to encapsulate a wide variety of network layer packets inside

IP tunneling packets. With this feature you can reconfigure IP architectures

without worrying about connectivity. GRE creates a point-to-point link between

routers on an IP network.

Figure 6-4: ACEmanager: VPN - VPN1- GRE Tunnel

Please refer to the IPsec table for parameter descriptions.

Remote Address -

Netmask

Remote subnet mask information. 24-bit netmask.

Default: 255.255.255.0

Perfect Forward

Secrecy

Provides additional security through a DH shared secret value. When this feature is

enabled, one key cannot be derived from another. This ensures previous and subsequent

encryption keys are secure even if one key is compromised. Options: Yes or No.

IPsec Encryption

Algorithm

Determines the type and length of encryption key used to encrypt/decrypt ESP

(Encapsulating Security Payload) packets. 3DES supports 168-bit encryption. AES

(Advanced Encryption Standard) supports both 128-bit and 256-bit encryption.

Options: None, DES, 3DES, AES-128, Blowfish, Cast 128, and AES-256.

Default: AES-128.

IPsec Authentication

Algorithm

Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a 128-bit digest

for authentication. SHA1 is a more secure algorithm that produces a 160-bit digest.

Options: None, MD5, SHA1, and SHA 256. Default: SHA1.

IPsec Key Group Determines how the AirLink Device VPN creates an SA with the VPN server. The DH

(Diffie-Hellman) key exchange protocol establishes pre-shared keys during the phase 1

authentication. AirLink Device supports three prime key lengths, including Group 1

(768 bits), Group 2 (1,024 bits), and Group 5 (1,536 bits). Options: DH1, DH2, or DH5.

IPsec SA Life Time Determines how long the VPN tunnel is active in seconds.

Options: 180 to 86400. Default: 7200.

Field Description