Ipsec global settings – XiNCOM Twin WAN XC-DPG503 User Manual

IPSec Global Settings

IPSec Global Setting

IP Global Setting
Enable

Enabling either WAN 1, WAN 2, or both will start the VPN global setting.
ISAkmp Port

Internet Security Association and Key Protocol Management (ISAkmp) is designed to

negotiate, establish, modify, and delete security associations and their attributes. In

particular, it was assigned UDP port 500 by the IANA.
Phase 1 DH Group

Use DH Group 1(768-bits),DH Group 2(1024-bits), Group 5 (1536-bits) to generate IPSec

SA keys.
Phase 1 Encryption Method

There are three data encryption methods available, DES, 3DES, and AES.
Phase 1 Authentication Method

There are two authentication available. MD5 and SHA1 (Secure Hash Algorithm)
Phase 1 SA Life Time

By default the Security Association lifetime is set at 28800 Sec.
Maxtime to complete phase 1

The aim of phase 1 is to authenticate and establish a secure tunnel, which will protect

further IKE negotiation. The maximum time default is 30 sec.
Maxtime to complete phase 2

Maximum time to establish the IPSec SAs. By default the maximum time is 30 sec.
Log Level
Select a VPN log level that you like to display on VPN log.

Planning the VPN

Consider these questions and setups when planning your VPN:

If the remote end is a LAN network, the two-endpoint network must have different LAN IP

address ranges. If the remote endpoint is a single PC running a VPN client, its destination

address must be a single IP address, with subnet mask of 255.255.255.255

Will you be using the Internet Key Exchange (IKE) setup or Manual Keying? For either

method, you must specify each phase of the connection.

At least one side must have a fixed IP address. The other side with a dynamic IP address

must always be the initiator of the connection.

What encryption level will you use? (DES/3DES - hardware encryption; AES - software

encryption)

35