AirLive WN-300ARM-VPN User Manual

Page 86

Advertising
background image

AirLive WN-300ARM-VPN User’s Manual

84

Local Identity

Type

Select the desired option to match the "Remote Identity Type" setting on

the remote VPN endpoint.

 WAN IP Address - your Internet IP address.

 Fully Qualified Domain Name - your domain name.

 Fully Qualified User Name - your name, E-mail address, or other ID.

Local Identity

Data

Enter the data for the selection above. (If "IP Address" is selected, no input

is required.)

Remote Identity

Type

Select the desired option to match the "Local Identity Type" setting on the

remote VPN endpoint.

 IP Address - The Internet IP address of the remote VPN endpoint.

 Fully Qualified Domain Name - the Domain name of the remote VPN

endpoint.

 Fully Qualified User Name - the name, E-mail address, or other ID of

the remote VPN endpoint.

Remote Identity

Data

Enter the data for the selection above. (If "IP Address" is selected, no input

is required.)

SA Parameters

Encryption

Encryption Algorithm used for both IKE and IPSec. This setting must match

the setting used on the remote VPN Gateway.

Authentication

Authentication Algorithm used for both IKE and IPSec. This setting must

match the setting used on the remote VPN Gateway.

Pre-shared Key

The key must be entered both here and on the remote VPN Gateway. This

method does not require using a CA (Certificate Authority).

SA Life Time

This determines the time interval before the SA (Security Association)

expires. (It will automatically be re-established if necessary.) While using a

short time period (or data amount) increases security, it also degrades

performance. It is common to use periods over an hour (3600 seconds) for

the SA Life Time. This setting applies to both IKE and IPSec SAs.

IPSec PFS

(Perfect Forward

Secrecy)

If enabled, security is enhanced by ensuring that the key is changed at

regular intervals. Also, even if one key is broken, subsequent keys are no

easier to break. (Each key has no relationship to the previous key.)

This setting applies to both IKE and IPSec SAs. When configuring the

remote endpoint to match this setting, you may have to specify the "Key

Group" used. For this device, the "Key Group" is the same as the "DH

Group" setting in the IKE section.

VPN Auto Policies Screen

This screen is displayed when you click the VPN Log button on the VPN Policies screen, or on the Status

Advertising
Popular Brands
Popular manuals