Motorola Netopia 3342N User Manual

Administrator’s Handbook

152

Local ID Mask

If Aggressive mode is selected as the Negotiation Method, and Subnet as
the Local ID Type, this field appears. This is the local (Gateway-side) sub-
net mask.

Remote ID Type

If Aggressive mode is selected as the Negotiation Method, this option
appears. Selection options are: IP Address, Subnet, Hostname, ASCII.

Remote ID
Address/Value

If Aggressive mode is selected as the Negotiation Method, this field
appears. This is the remote (central-office-side) IP address (or Name Value,
if Subnet or Hostname are selected as the Local ID Type).

Remote ID Mask

If Aggressive mode is selected as the Negotiation Method, and Subnet as
the Remote ID Type, this field appears. This is the remote (central-office-
side) subnet mask.

Pre-Shared Key
Type

The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour sup-
por ts ASCII or HEX types

Pre-Shared Key

The Pre-Shared Key is a parameter used for authenticating each side. The
value can be ASCII or Hex and a maximum of 64 characters. ASCII is case-
sensitive.

DH Group

Diffie-Hellman is a public key algorithm used between two systems to
determine and deliver secret keys used for encr yption. Groups 1, 2 and 5
are suppor ted.

PFS Enable

Per fect For ward Secrecy (PFS) is used during SA renegotiation. When PFS
is selected, a Diffie-Hellman key exchange is required. If enabled, the PFS
DH group follows the IKE phase 1 DH group.

SA Encrypt Type

SA Encr yption Type refers to the symmetric encr yption type. This encr yp-
tion algorithm will be used to encr ypt each data packet. SA Encr yption
Type values suppor ted include DES and 3DES.

SA Hash Type

SA Hash Type refers to the Authentication Hash algorithm used during SA
negotiation. Values suppor ted include MD5 and SHA1. N/A will display if
NONE is chosen for Auth Protocol.

Invalid SPI
Recovery

Enabling this allows the Gateway to re-establish the tunnel if either the
Motorola Netopia® Gateway or the peer gateway is rebooted.

Soft MBytes

Setting the Soft MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft MByte value. The value
can be configured between 1 and 1,000,000 MB and refers to data traffic
passed. If this value is not achieved, the Hard MBytes parameter is
enforced. This parameter does not need to match the peer gateway.

Soft Seconds

Setting the Soft Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft Seconds value. The
value can be configured between 60 and 1,000,000 seconds. This param-
eter does not need to match the peer gateway.

Hard MBytes

Setting the Hard MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard MByte value.

The value can be configured between 1 and 1,000,000 MB and refers to
data traffic passed. This parameter does not need to match the peer gate-
way.

Hard Seconds

Setting the Hard Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard Seconds value. The
value can be configured between 60 and 1,000,000 seconds This parame-
ter does not need to match the peer gateway.

Table 3: IPSec Tunnel Details page parameters