Manualshelf

Manual

ManualsBrandsAirLive ManualsRoutersIP-2000VPN
61626364656667686970
AirLive IP-2000VPN User’s Manual
64
IKE Phase 1 (IKE SA)
Local Identity
This setting must match the "Remote Identity" on the remote VPN. Select the
desired option, and enter the required data in the "Local Identity Data" field.
WAN IP Address - This is the most common method. If selected, no input is
required.
Fully Qualified Domain Name - enter the Domain Name assigned to this
device.
Fully Qualified User name - This name does not have to a valid Internet
Domain Name. E-mail addresses are often used for this entry.
DER ANS.1 DN - This must be a DER ANS.1 Domain Name.
Remote Identity
This setting must match the "Local Identity" on the remote VPN. Select the desired
option, and enter the required data in the "Remote Identity Data" field.
IP Address - This is the most common method. If selected, no input is
required.
Fully Qualified Domain Name - enter the Domain Name assigned to this
device.
Fully Qualified User name - This name does not have to a valid Internet
Domain Name. E-mail addresses are often used for this entry.
DER ANS.1 DN - This must be a DER ANS.1 Domain Name.
Authentication
RSA Signature requires that both VPN endpoints have valid Certificates
issued by a CA (Certification Authority).
For Pre-shared key, enter the same key value in both endpoints. The key
should be at least 8 characters (maximum is 128 characters). Note that this key
is used for the IKE SA only. The keys used for the IPSec SA are automatically
generated.
Authentication
Algorithm
Select the desired option, and ensure that both endpoints have the same settings.
Encryption
Algorithm
Select the desired method, and ensure the remote VPN endpoint uses the same
method.
The 3DES algorithm provides greater security than DES, but is slower.
If using AES, you must select the Key Size. If using DES or 3DES, this field is
ignored.
IKE Exchange
Mode
Select the desired option, and ensure the remote VPN endpoint uses the same
mode.
Main Mode provides identity protection for the hosts initiating the IPSec
session, but takes slightly longer to complete.
Aggressive Mode provides no identity protection, but is quicker.