GlobeSurfer® II 1.8 - 7.2 - 7.2 S
REFERENCE MANUAL
6.6.12.1 IPSec Settings
Click the ‘IPSec’ icon in the ‘Advanced’ screen. The ‘Internet Protocol Security (IPSec)’ screen will appear
(see Figure 6.102).
Figure 6.64 Internet protocol security (IPSec)
This screen enables you to configure:
‘Block Unauthorized IP’
Select the ‘Enabled’ check-box to block unauthorized IP packets to GlobeSurfer® II.
Specify the following parameters:
‘Maximum Number of Authentication Failures’
The maximum number of packets to authenticate before blocking the origin’s IP address.
‘Block Period (in seconds)’
The timeframe in which packets from an unauthorized IP address will be dropped.
‘Enable Anti-Replay Protection’
Select this option to drop packets that are recognized (by their sequence number) as having already
been received.
‘Connections’
This section will display the list of IPSec connections. To learn how to create an IPSec connection, please refer
to section 6.6.12.3.1.
6.6.12.1.1 Public Key Management
The ‘Settings’ button in the IPSec screen enables you to manage GlobeSurfer® II’s public keys.
1. Press the ‘Settings’ button to view GlobeSurfer® II’s public key (see Figure 6.65). If necessary, you
can copy the public key from this screen.
Figure 6.65 Internet protocol security (IPSec) settings
2. Press the ‘Recreate Key’ button to recreate the public key, or the ‘Refresh’ button to refresh the key
displayed in this screen.
7.8.1.2.2 Log Settings
The IPSec Log can be used to identify and analyze the history of the IPSec package commands,
attempts to create connections, etc. IPSec activity, as well as that of other GlobeSurfer® II modules, is
displayed together in this view.
1. Press the ‘Log Settings’ button. The ‘IPSec Log Settings’ screen will appear (see Figure 6.66).
2. Select the check-boxes relevant to the information you would like the IPSec log to record.
3. Click ‘OK’ to save the settings.
Figure 6.66 IPSec Log Settings
6.6.12.2 IPSec Connection Settings
The IPSec connections are displayed under the ‘Connections’ section of the ‘Internet Protocol Security
(IPSec)’ screen (see Figure 6.64), in addition to the general ‘Network Connections’ screen.
To configure an IPSec connection’s settings, perform the following:
1. Press the connection’s Edit action icon. The ‘VPN IPSec Properties’ screen will appear (see
Figure 6.67).
Figure 6.67 VPN IPSec Properties
2. Press the ‘Settings’ button. The ‘Configure VPN IPSec’ screen will appear (see Figure 6.68),
enabling you to configure the following IPSec connection settings.
Figure 6.68 Configure VPN IPSec
‘Host Name or IP Address of Destination Gateway’
The IP address of your IPSec peer. If your connection is an IPSec Server, this field will display
“Any Remote Gateway”.
‘Encapsulation Type’
Select between ‘Tunneling’ and ‘Transport’ encapsulation. ‘Transport’ encapsulation is
performed between two gateways (no subnets), and therefore needs no explicit configuration.
‘Tunneling’ requires that you configure the following parameters:
‘Local Subnet’
Define your local endpoint by selecting one of the following options:
IP Subnet (default) – enter GlobeSurfer® II’s Local Subnet IP Address and Local Subnet Mask.
IP Range – enter the ‘From’ and ‘To’ IP addresses, forming the endpoint range of the local
subnet(s).
IP Address – enter the Local IP Address to define the endpoint as a single host.
None – select this option if you do not want to define a local endpoint. The endpoint will be set
to the gateway.
‘Remote Subnet’
This section is identical to the ‘Local Subnet’ section above, but is for defining the remote
endpoint.
‘Compress (Support IPComp protocol)’
Select this check-box to compress packets during encapsulation with the IP Payload
Compression protocol. Please note that this reduces performance (and is therefore unchecked
by default).
‘Protect Protocol’
Select the protocols to protect with IPSec: All, TCP, UDP, ICMP or GRE. When selecting TCP or
UDP, additional source port and destination port combo-boxes will appear, enabling you to select
‘All’ or to specify ‘Single’ ports in order to define the protection of specific packets. For example,
in order to protect L2TP packets, select UDP and specify 1701 as both single source and single
destination ports.
‘Route NetBIOS Broadcasts’
Select this option to allow NetBIOS packets through the IPSec tunnel, which otherwise would not
meet the routing conditions specified.
‘Key Exchange Method’
The IPSec key exchange method can be ‘Automatic’ (the default) or ‘Manual’. Selecting one of
these options will alter the rest of the screen.
a. Automatic key exchange settings:
Figure 6.69 IPSec automatic key exchange
‘Auto Reconnect’
The IPSec connection will reconnect automatically if disconnected for any reason.
‘IPSEC AUTOMATIC PHASE 1 – PEER AUTHENTICATION’
‘Mode’
Select the IPSec mode – either ‘Main Mode’ or ‘Aggressive Mode’. Main Mode is a
secure but slower mode, which presents negotiable propositions according to the
authentication algorithms that you select in the check-boxes. Aggressive Mode is faster
but less secure. When selecting this mode, the algorithm check-boxes are replaced by
radio buttons, presenting strict propositions according to your selections.
‘Negotiation attempts’
Select the number of negotiation attempts to be performed in the automatic key exchange
method. If all attempts fail, GlobeSurfer® II will wait for a negotiation request.
‘Life Time in Seconds’
The timeframe in which the peer authentication will be valid.
‘Rekey Margin’
Specifies how long before connection expiry attempts to negotiate a replacement should
begin. Like the key lifetime, it is given as an integer denoting seconds.
‘Rekey Fuzz Percent’
Specifies the maximum percentage by which Rekey Margin should be randomly increased
to randomize re-keying intervals.
‘Peer Authentication’
Select the method by which GlobeSurfer® II will authenticate your IPSec peer:
IPSec Shared secret – enter the IPSec shared secret.
RSA Signature – enter the peer’s RSA signature (equivalent to GlobeSurfer® II’s
public key – see section 6.6.12.1).
Certificate – if a certificate exists on GlobeSurfer® II, it will appear when you
select this option. Enter the certificate’s local ID and peer ID. To learn how to add
certificates to GlobeSurfer® II, please refer to section 6.6.5.
‘Encryption Algorithm’
Select the encryption algorithms that GlobeSurfer® II will attempt to use when negotiating
with the IPSec peer.
‘Hash Algorithm’
Select the hash algorithms that GlobeSurfer® II will attempt to use when negotiating with
the IPSec peer.
‘Group Description Attribute’
Select the Diffie-Hellman (DH) group description(s). Diffie-Hellman is a public-key
cryptography scheme that allows two parties to establish a shared secret over an insecure
communications channel.
‘IPSEC AUTOMATIC PHASE 2 – KEY DEFINITION’
‘Life Time in Seconds’
The length of time before a security association automatically performs renegotiation.
‘Use Perfect Forward Secrecy (PFS)’
Select whether Perfect Forward Secrecy of keys is required on the connection’s keying
channel (with PFS, penetration of the key-exchange protocol does not compromise keys
negotiated earlier). Deselecting this option will hide the next parameter.
‘Group Description Attribute’
Select whether to use the same group chosen in phase 1, or reselect specific groups.
‘Encryption Algorithm’
Select the encryption algorithms that GlobeSurfer® II will attempt to use when negotiating
with the IPSec peer.
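How ‘Life Time in Seconds’, ‘Rekey Margin’ and ‘Rekey Fuzz Percent’ interact, as an added example that is not GlobeSurfer® II code: it assumes renegotiation starts at lifetime minus (margin plus a random extra of up to fuzz percent of the margin), as the parameter descriptions above state. Function names and the sample values are constructed for this illustration and are not device defaults.

```python
import random


def rekey_window(lifetime_s, margin_s, fuzz_pct):
    """Return (earliest, latest) seconds after setup at which rekeying may start."""
    max_margin = margin_s * (1 + fuzz_pct / 100)
    return lifetime_s - max_margin, lifetime_s - margin_s


def draw_rekey_time(lifetime_s, margin_s, fuzz_pct, rng):
    """Pick one rekey start time, randomizing the margin by up to fuzz_pct."""
    extra = rng.uniform(0, margin_s * fuzz_pct / 100)
    return lifetime_s - (margin_s + extra)


def check_lifetimes(lifetime_s, margin_s, fuzz_pct):
    """Return a list of findings for one phase's settings (empty if sane)."""
    findings = []
    earliest, latest = rekey_window(lifetime_s, margin_s, fuzz_pct)
    if latest <= 0:
        findings.append("margin >= lifetime: renegotiation is due as soon "
                        "as the connection is up")
    elif earliest <= 0:
        findings.append("margin plus maximum fuzz can reach the lifetime: "
                        "some draws renegotiate immediately")
    if fuzz_pct == 0:
        findings.append("no randomization: connections set up together "
                        "all renegotiate at the same moment")
    return findings


# Constructed sample settings: (label, lifetime, margin, fuzz percent).
SAMPLES = [
    ("sane", 3600, 540, 100),
    ("short lifetime", 600, 540, 100),
    ("margin too large", 300, 540, 100),
    ("no fuzz", 3600, 540, 0),
]

if __name__ == "__main__":
    rng = random.Random(1)  # seeded so the output is repeatable
    for label, life, margin, fuzz in SAMPLES:
        lo, hi = rekey_window(life, margin, fuzz)
        t = draw_rekey_time(life, margin, fuzz, rng)
        print(f"{label}: window {lo:.0f}..{hi:.0f}s, one draw {t:.0f}s")
        for finding in check_lifetimes(life, margin, fuzz):
            print("  -", finding)
```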
