NEXCOM IFA 1610 User Manual


Copyright © 2014 NEXCOM International Co., Ltd. All Rights Reserved.

IFA 3610/IFA 2610/IFA 1610 User Manual

Chapter 7: The VPN Menu

Connection type
Four different connection modalities can be chosen for the IPsec tunnel:

Host-to-Net. The client connecting to the IPsec server on the IFA 3610/IFA 2610/IFA 1610 appliance is a single remote workstation, server, or resource.

Net-to-Net. The client is an entire subnet. In other words, the IPsec connection is established between remote subnets.

L2TP Host-to-Net. The client is a single device that also uses L2TP.

XAuth Host-to-Net. The client is a single device and authentication is carried out by XAuth.

Hint: Linux users can read more about XAuth by reading the Xsecurity(7) manpage, also available online for everyone.

The options available for each of them are basically the same, with only one more option available for Net-to-Net connections.

Authentication Type
The option selected from the drop-down menu determines how the client’s authentication is carried out. Available values are:

Password (PSK). The client shall supply the password specified in the Use a pre-shared key textfield situated on the right.

Peer is identified by either IPV4_ADDR, FQDN, USER_FQDN or DER_ASN1_DN string in the Remote ID field. The client is authenticated by its IP address, domain name, or by other unique information of the IPsec tunnel.

Use an existing certificate. The certificate chosen from the drop-down menu on the right shall be used.

Generate a new certificate. Additional options will be shown to create a new certificate.

Upload a certificate. Select from the local workstation a certificate to use.

Upload a certificate request. Select from the local workstation a certificate request to obtain a new certificate.

XAUTH hybrid. Only available for XAuth Host-to-Net connections: the user will authenticate, while the encryption tunnel must not.

Local ID
A string that identifies the client within the local network.

Interface
The interface through which the host is connecting.

Local subnets
The local subnets that will be accessible from the client.

Note:

Mobile devices running iOS cannot properly connect via XAuth to the appliance if this value is not set; therefore the special subnet 0.0.0.0/0 is automatically added when the Connection type is set to XAuth.

Hint: Only when using IKEv2 is it possible to add more than one subnet, one per line, since IKEv1 supports only one subnet.

Remote ID
The ID that identifies the remote host of the connection.

Remote subnet
Only available for Net-to-Net connections, it specifies the remote subnet.

Hint: When using IKEv2 it is possible to add more than one subnet.

Remote host/IP
The IP or FQDN of the remote host.

Note:

When a hostname is supplied in this option, it must match the local ID of the remote side.
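
The constraints in this section (one subnet per side under IKEv1, Remote subnet only for Net-to-Net, XAUTH hybrid only for XAuth Host-to-Net, the automatic 0.0.0.0/0 entry for XAuth, and the Remote host/Local ID match) can be checked on a planned tunnel before it is entered in the web interface. The following Python check is an added example, not part of the NEXCOM manual or firmware; the dictionary keys, the function names, the `peer_local_id` argument and the IKEv1 default are assumptions made for illustration.

```python
# Added example: checks one planned IPsec connection against the rules above.
# The dict keys and function names are assumptions, not the appliance's format.
import ipaddress
CONNECTION_TYPES = {"Host-to-Net", "Net-to-Net", "L2TP Host-to-Net", "XAuth Host-to-Net"}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_connection(conn, peer_local_id=None):
    """Return (effective_local_subnets, problems) for one connection dict."""
    problems = []
    ctype = conn["connection_type"]
    ike = conn.get("ike_version", 1)  # assumed default for this example
    local = list(conn.get("local_subnets", []))
    remote = list(conn.get("remote_subnets", []))
    if ctype not in CONNECTION_TYPES:
        problems.append(f"unknown connection type: {ctype}")
    # IKEv1 supports one subnet; only IKEv2 accepts several (entered values only).
    if ike == 1 and len(local) > 1:
        problems.append("IKEv1 supports only one local subnet")
    if ike == 1 and len(remote) > 1:
        problems.append("IKEv1 supports only one remote subnet")
    # For XAuth the appliance adds 0.0.0.0/0 itself (needed by iOS clients).
    if ctype == "XAuth Host-to-Net" and "0.0.0.0/0" not in local:
        local.append("0.0.0.0/0")
    for net in local + remote:
        try:
            ipaddress.ip_network(net, strict=True)  # rejects host bits, e.g. 10.0.0.5/24
        except ValueError:
            problems.append(f"not a valid subnet: {net}")
    if remote and ctype != "Net-to-Net":
        problems.append("Remote subnet is only available for Net-to-Net")
    if conn.get("auth_type") == "XAUTH hybrid" and ctype != "XAuth Host-to-Net":
        problems.append("XAUTH hybrid requires XAuth Host-to-Net")
    # A hostname in Remote host/IP must match the local ID of the remote side.
    host = conn.get("remote_host", "")
    if host and not _is_ip(host) and peer_local_id is not None and host != peer_local_id:
        problems.append(f"Remote host {host!r} does not match peer local ID {peer_local_id!r}")
    return local, problems

if __name__ == "__main__":
    # Constructed sample: IKEv1 Host-to-Net with two subnets and a remote subnet.
    sample = {"connection_type": "Host-to-Net", "ike_version": 1,
              "local_subnets": ["10.0.0.0/24", "10.0.1.0/24"], "remote_subnets": ["172.16.0.0/16"]}
    print(check_connection(sample))
```

The first element of the returned pair is the local subnet list as it will look after the appliance adds 0.0.0.0/0 for XAuth connections; the second lists every rule the planned connection breaks.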
