D-Link DBG-2000 Product Manual 1 - Page 107
IPSec host Initiator
 |
View all D-Link DBG-2000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 107 highlights
Failure time to primary (seconds) Extended authentication Extended authentication type Authentication server Username Password Local authentication Next Protocol selection Encryption algorithm Authentication algorithm SA Lifetime (sec.) Perfect forward secrecy DH group Previous Save Cancel DBG-2000 User Guide If VPN tunnel backup is enabled, you can use the VPN backup of the selected profile if the primary tunnel is down. When the primary tunnel is up, the backup tunnel will be turned down. Specify the time after which the backup tunnel will be down. Enable or disable the extended authentication feature. Select the authentication type that you want to use. The options are Local authentication, Authentication server, and IPSec host (Initiator). Select any one of the external authentication servers from the drop-down, and select the respective server. Enter the user name. This field is available when you select the IPSec host (Initiator) as the Extended authentication type. The length of the user name may vary from 1 to 64 characters. Enter the password. This field is available when you select the IPSec host (Initiator) as the Extended authentication type. The length of the password may vary from 8 to 63 characters. You may select one of the saved authentications on the local server. This field is available when you select Local authentication as the Extended authentication type. Click Next to go to the IKE Phase-2 page. IKE phase-2 settings Select the protocol for IKE phase-2. Select the encryption algorithm to be used. You may select multiple algorithms. Select the authentication algorithm from the drop-down list. You may select multiple algorithms. It refers to the security association lifetime, and the range varies from 300 to 604800 seconds. If enabled, it does not allow the same key to be generated, forcing the user to use a new DH key exchange. Select the DH group. Click Previous to go to the IKE Phase-1 Settings page. Click Save to save your settings. Click Cancel to revert to previous settings. Site-to-Site The site-to-site VPN establishes the Gateway-to-Gateway IPsec tunnel with other DBG-2000 devices registered in the same or different sites of the same organization. Once a user selects the quick VPN type as Site-to-Site, all other DBG-2000 participants with the same quick VPN mode are listed. To establish a tunnel with a particular remote device, enable the Join member field. Once the tunnel configuration is pushed to the remote peers, traffic gets initiated by the user, and a tunnel is established between the remote peers. In the Local networks section, if you have multiple subnets, you can specify which one subnet participates in the VPN, i.e., traffic from the enabled subnet will be encrypted by the IPSec VPN. All local subnets must be unique within the VPN topology. 107
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102 -
103 -
104 -
105 -
106 -
107 -
108 -
109 -
110 -
111 -
112 -
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
 |
 |
