CTEK Z4200U SkyRouter User Manual

Page 44


2 March 2014


IPSEC – Enabled or disabled. A system level parameter

Security Level - A system level parameter

Allow Internet and Secure Traffic – In this mode IP traffic addressed for the IPsec tunnel will be transmitted
through the tunnel. Other traffic will continue to route over the open IP network. This setting allows web type traffic
to co-exist with secure traffic on the same SkyRouter.

Allow Only Secure Traffic – In this mode only IP traffic addressed for the IPsec tunnel will be transmitted. Since
this precludes the use of the standard routing feature the Routing button in the main menu is disabled in this
mode of operation.

Note – The remaining portion of the IPsec screen deals with tunnel-specific parameters, meaning that each parameter must be set for each tunnel deployed.

Tunnel – Enabled or Disabled

Local Router Definition

Identifier – A fully qualified name to be used in DNS name resolution to determine the local router’s IP address.
This field is not mandatory but is provided to support dynamically addressed routers.

Subnet IP Address (Display Only) – The local area network address of the local router

IP Address (Informational Only) – Indicates that the IP address of the local router is supplied by the wireless
network.

Subnet Mask (Display Only) – The subnet mask that is being used on this local router.

Remote Router Definition

Identifier – A fully qualified name to be used in DNS name resolution to determine the remote router’s IP address.
This field is not mandatory but is provided to support dynamically addressed routers.

Subnet IP Address – The remote area network address of the remote router

IP Address – The IP address of the remote router.

Subnet Mask (Display Only) – The subnet mask that is being used on this remote router.

Authentication and Encryption

Pre-Shared Key – A text string that will be used by both ends of the tunnel for authentication

Exchange Mode - Available settings are Main or Aggressive. Defines the number of exchanges used to complete
IKE Phase 1. Main is the more robust setting, while Aggressive mode uses fewer exchanges and is therefore
somewhat more risky.

Dead Peer Detection (DPD) - Defines the intervals (in seconds) between DPD messages following idle periods. A
zero (0) setting disables DPD.
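
The two Security Level modes and the Authentication and Encryption settings described above, as an added Python sketch (not CTEK code and not part of the manual): it shows which destinations each mode sends through the tunnel and flags the settings the manual itself marks as weaker. The dictionary keys, the 20-character key-length threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Mode names as they appear on the IPsec screen.
SPLIT = "Allow Internet and Secure Traffic"
SECURE_ONLY = "Allow Only Secure Traffic"

def route_decision(security_level, remote_subnet, remote_mask, dst_ip):
    """Return 'tunnel', 'open' or 'drop' for one destination address."""
    net = ipaddress.ip_network(f"{remote_subnet}/{remote_mask}", strict=False)
    if ipaddress.ip_address(dst_ip) in net:
        return "tunnel"              # addressed for the IPsec tunnel in both modes
    if security_level == SPLIT:
        return "open"                # routed over the open IP network
    if security_level == SECURE_ONLY:
        return "drop"                # only tunnel traffic is transmitted
    raise ValueError(f"unknown security level: {security_level!r}")

def audit_tunnel(cfg, min_psk_len=20):
    """Return findings for one tunnel's settings (keys are hypothetical)."""
    findings = []
    if cfg["exchange_mode"].strip().lower() == "aggressive":
        findings.append("Exchange Mode is Aggressive; Main is the more robust setting")
    if int(cfg["dpd_seconds"]) == 0:
        findings.append("DPD interval is 0, so Dead Peer Detection is disabled")
    # min_psk_len is an assumed review threshold, not a value from the manual.
    if len(cfg["pre_shared_key"]) < min_psk_len:
        findings.append(f"Pre-Shared Key is shorter than {min_psk_len} characters")
    return findings

# Constructed sample tunnel; addresses come from private/documentation ranges.
SAMPLE = {
    "remote_subnet": "10.20.0.0",
    "remote_mask": "255.255.255.0",
    "exchange_mode": "Aggressive",
    "dpd_seconds": 0,
    "pre_shared_key": "changeme",
}

if __name__ == "__main__":
    for mode in (SPLIT, SECURE_ONLY):
        for dst in ("10.20.0.7", "192.0.2.10"):
            verdict = route_decision(mode, SAMPLE["remote_subnet"],
                                     SAMPLE["remote_mask"], dst)
            print(f"{mode:35} {dst:12} -> {verdict}")
    for finding in audit_tunnel(SAMPLE):
        print("FINDING:", finding)
```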

Note – Phase 1 and Phase 2 on this panel refer to IKE Phase 1 and IKE Phase 2. During IKE Phase 1, IKE authenticates
IPSec peers and negotiates IKE Security Associations (SAs), setting up a secure channel for negotiating IPSec SAs in
Phase 2. During IKE Phase 2, IKE negotiates IPSec SA parameters and sets up matching IPSec SAs in the peers. The
