Page 101 / 351 Scroll up to view Page 96 - 100
101
Links Bar
PAT Address
If NAT is enabled, this field appears. You can specify a Port Address Trans-
lation (PAT) address or leave the default all-zeroes (if Xauth is enabled). If
you leave the default. the address will be requested from the remote router
and dynamically applied to the Gateway.
Negotiation
Method
This parameter refers to the method used during the Phase I key
exchange, or IKE process. SafeHarbour supports Main or Aggressive
Mode. Main mode requires 3 two-way message exchanges while Aggres-
sive mode only requires 3 total message exchanges.
Local ID type
If Aggressive mode is selected as the Negotiation Method, this option
appears. Selection options are: IP Address, Subnet, Hostname, ASCII
Local ID Address/
Value
If Aggressive mode is selected as the Negotiation Method, this field
appears. This is the local (Gateway-side) IP address (or Name Value, if Sub-
net or Hostname are selected as the Local ID Type).
Local ID Mask
If Aggressive mode is selected as the Negotiation Method, and Subnet as
the Local ID Type, this field appears. This is the local (Gateway-side) sub-
net mask.
Remote ID Type
If Aggressive mode is selected as the Negotiation Method, this option
appears. Selection options are: IP Address, Subnet, Hostname, ASCII.
Remote ID
Address/Value
If Aggressive mode is selected as the Negotiation Method, this field
appears. This is the remote (central-office-side) IP address (or Name Value,
if Subnet or Hostname are selected as the Local ID Type).
Remote ID Mask
If Aggressive mode is selected as the Negotiation Method, and Subnet as
the Remote ID Type, this field appears. This is the remote (central-office-
side) subnet mask.
Pre-Shared Key
Type
The Pre-Shared Key Type classifies the Pre-Shared Key. SafeHarbour sup-
ports ASCII or HEX types
Pre-Shared Key
The Pre-Shared Key is a parameter used for authenticating each side. The
value can be ASCII or Hex and a maximum of 64 characters. ASCII is case-
sensitive.
DH Group
Diffie-Hellman is a public key algorithm used between two systems to
determine and deliver secret keys used for encryption. Groups 1, 2 and 5
are supported.
PFS Enable
Perfect Forward Secrecy (PFS) is used during SA renegotiation. When PFS
is selected, a Diffie-Hellman key exchange is required. If enabled, the PFS
DH group follows the IKE phase 1 DH group.
SA Encrypt Type
SA Encryption Type refers to the symmetric encryption type. This encryp-
tion algorithm will be used to encrypt each data packet. SA Encryption
Type values supported include DES and 3DES.
Table 3: IPSec Tunnel Details page parameters
Page 102 / 351
102
SA Hash Type
SA Hash Type refers to the Authentication Hash algorithm used during SA
negotiation. Values supported include MD5 and SHA1. N/A will display if
NONE is chosen for Auth Protocol.
Invalid SPI
Recovery
Enabling this allows the Gateway to re-establish the tunnel if either the
Netopia Gateway or the peer gateway is rebooted.
Soft MBytes
Setting the Soft MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft MByte value. The value
can be configured between 1 and 1,000,000 MB and refers to data traffic
passed. If this value is not achieved, the Hard MBytes parameter is
enforced. This parameter does not need to match the peer gateway
.
Soft Seconds
Setting the Soft Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Soft Seconds value. The
value can be configured between 60 and 1,000,000 seconds. This param-
eter does not need to match the peer gateway
.
Hard MBytes
Setting the Hard MBytes parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard MByte value.
The value can be configured between 1 and 1,000,000 MB and refers to
data traffic passed. This parameter does not need to match the peer gate-
way
.
Hard Seconds
Setting the Hard Seconds parameter forces the renegotiation of the IPSec
Security Associations (SAs) at the configured Hard Seconds value. The
value can be configured between 60 and 1,000,000 seconds This parame-
ter does not need to match the peer gateway
.
IPSec MTU
Some ISPs require a setting of e.g. 1492 (or other value). The default
1500 is the most common and you usually don’t need to change this
unless otherwise instructed. Accepted values are from 100 – 1500.
This is the starting value that is used for the MTU when the IPSec tunnel is
installed. It specifies the maximum IP packet length for the encapsulated
AH or ESP packets sent by the router. The MTU used on the IPSec connec-
tion will be automatically adjusted based on the MTU value in any received
ICMP
can't fragment
error messages that correspond to IPSec traffic initi-
ated from the router. Normally the MTU only requires manual configuration
if the ICMP error messages are blocked or otherwise not received by the
router.
Table 3: IPSec Tunnel Details page parameters
Page 103 / 351
103
Links Bar
Xauth Enable
Extended Authentication (XAuth), an extension to the Internet Key
Exchange (IKE) protocol. The Xauth extension provides dual authentication
for a remote user’s Motorola Netopia® Gateway to establish a VPN, autho-
rizing network access to the user’s central office. IKE establishes the tun-
nel, and Xauth authenticates the specific remote user's Gateway. Since
NAT is supported over the tunnel, the remote user network can have multi-
ple PCs behind the client Gateway accessing the VPN. By using XAuth, net-
work VPN managers can centrally control remote user authentication.
Xauth Username/
Password
Xauth authentication credentials.
Table 3: IPSec Tunnel Details page parameters
Page 104 / 351
104
Link:
Router P
ass
w
or
d
When you click
Router P
ass
w
or
d
, the
Router Password
page appears.
By default, your Gateway requires no password to access the administrative web-based
user interface. If you wish to secure administrative access to your Gateway, you can option-
ally enable a password challenge by enabling a local
Admin
password login.
Use the following procedure to create or change an Administrative (Admin) password for
your Netopia Gateway:
Enter your new password in the New Password field.
Motorola’s rules for a Password are:
- It can have up to eight alphanumeric characters.
- It is case-sensitive.
Enter your new password again in the Confirm Password field.
You confirm the new password to verify that you entered it correctly the first time.
Password changes are automatically saved, and take effect immediately.
Click the
Sa
ve Chang
es
button.
Page 105 / 351
105
Links Bar
Link:
Time Zone
When you click the
Time Zone
link, the
Time Zone
page appears.
You can set your local time zone by selecting your time zone from the pull-down menu. This
allows you to set the time zone for access controls (and in general).

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top