Users Manual

https://www.peplink.com 144 Copyright @ 2021 Peplink
Pre-shared Key
This defines the peer authentication pre-shared key used to authenticate this VPN
connection. The connection will be up only if the pre-shared keys on each side match.
Remote Certificate (pem encoded)
Available only when X.509 Certificate is chosen as the Authentication method, this field
allows you to paste a valid X.509 certificate.
Local ID
In Main Mode, this field can be left blank. In Aggressive Mode, if Remote Gateway IP
Address is filled on this end and the peer end, this field can be left blank. Otherwise, this
field is typically a U-FQDN.
Remote ID
In Main Mode, this field can be left blank. In Aggressive Mode, if Remote Gateway IP
Address is filled on this end and the peer end, this field can be left blank. Otherwise, this
field is typically a U-FQDN.
Phase 1 (IKE) Proposal
In Main Mode, this allows setting up to six encryption standards, in descending order of
priority, to be used in initial connection key negotiations. In Aggressive Mode, only one
selection is permitted.
Phase 1 DH Group
This is the Diffie-Hellman group used within IKE. This allows two parties to establish a
shared secret over an insecure communications channel. The larger the group number, the
higher the security.
Group 2: 1024-bit is the default value.
Group 5: 1536-bit is the alternative option.
Phase 1 SA Lifetime
This setting specifies the lifetime limit of this Phase 1 Security Association. By default, it is
set at 3600 seconds.
Phase 2 (ESP) Proposal
In Main Mode, this allows setting up to six encryption standards, in descending order of
priority, to be used for the IP data that is being transferred. In Aggressive Mode, only one
selection is permitted.
Phase 2 PFS Group
Perfect forward secrecy (PFS) ensures that if a key is compromised, the attacker will be
able to access only the data protected by that key.
None - Do not request PFS when initiating a connection. However, since there is no valid
reason to refuse PFS, the system will allow the connection to use PFS if requested by the
remote peer. This is the default value.
Group 2: 1024-bit Diffie-Hellman group. The larger the group number, the higher the
security.
Group 5: 1536-bit is the third option.
Phase 2 SA Lifetime
This setting specifies the lifetime limit of this Phase 2 Security Association. By default, it is
set at 28800 seconds.
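
The field rules in the table above can be checked for both ends of a tunnel before it is brought up. The following Python is an added example, not Peplink code: the Profile attribute names and the sample keys, IDs and proposal strings are assumptions, and the requirement that DH and PFS groups agree on both ends is general IKE behaviour rather than something this page states.

```python
from dataclasses import dataclass

@dataclass
class Profile:
    """One end of the tunnel. Attribute names are assumptions mirroring the table."""
    mode: str             # "main" or "aggressive"
    psk: str
    p1: list              # Phase 1 proposals, descending priority
    p1_dh: int            # 2 or 5
    p2: list              # Phase 2 proposals, descending priority
    pfs: int = 0          # 0 = None (the default), else 2 or 5
    gateway_ip: str = ""  # Remote Gateway IP Address
    local_id: str = ""
    remote_id: str = ""

def check_pair(a, b):
    """Return (errors, warnings) for profile a checked against its peer b."""
    # Assumption (general IKE behaviour, not from the page): groups must agree.
    err, warn = [], []
    if a.psk != b.psk:
        err.append("pre-shared keys differ")
    both_ips = bool(a.gateway_ip and b.gateway_ip)
    for side, p in (("local", a), ("peer", b)):
        limit = 6 if p.mode == "main" else 1
        for phase, props in (("Phase 1", p.p1), ("Phase 2", p.p2)):
            if not 1 <= len(props) <= limit:
                err.append(f"{side} {phase}: {len(props)} proposals, limit {limit}")
        if p.mode == "aggressive" and not both_ips and not (p.local_id and p.remote_id):
            err.append(f"{side}: Local ID and Remote ID are blank")
    for mine, theirs in ((a.local_id, b.remote_id), (a.remote_id, b.local_id)):
        if mine and theirs and mine != theirs:
            err.append(f"ID mismatch: {mine} vs {theirs}")
    for phase, x, y in (("Phase 1", a.p1, b.p1), ("Phase 2", a.p2, b.p2)):
        if not set(x) & set(y):
            err.append(f"no common {phase} proposal")
    if a.p1_dh != b.p1_dh:
        err.append("Phase 1 DH groups differ")
    elif a.p1_dh == 2:
        warn.append("Phase 1 uses DH Group 2 (1024-bit); Group 5 is the larger option")
    if a.pfs and b.pfs and a.pfs != b.pfs:
        err.append("Phase 2 PFS groups differ")
    elif not (a.pfs and b.pfs):
        warn.append("PFS is None on at least one end, so that end never requests it")
    return err, warn

# Constructed sample profiles (keys, IDs and proposal names are made up).
HQ = Profile("aggressive", "k3y-A", ["aes256-sha1"], 2, ["aes256-sha1"],
             local_id="hq@example.test", remote_id="branch@example.test")
BRANCH = Profile("aggressive", "k3y-B", ["aes256-sha1", "3des-md5"], 2, ["aes128-sha1"],
                 pfs=5, local_id="branch@example.test", remote_id="hq@example.test")
```

Calling check_pair(HQ, BRANCH) reports the differing pre-shared keys, the second Phase 1 proposal that Aggressive Mode does not permit, and the lack of a shared Phase 2 proposal, plus warnings for DH Group 2 and for the end that leaves PFS at None.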
IPsec VPN on the Peplink Balance is specially designed for multi-WAN environments. For instance, if a
user sets up multiple IPsec profiles for his multi-WAN environment and WAN1 is connected and healthy,