BiGuard VPN Client Configuration – Phase 2 Configuration
“IPSec Configuration” or “Phase 2” window will concern settings for Phase 2.
The purpose of Phase 2 is to negotiate the IPSec security parameters that are applied to the
traffic going thought tunnels negotiated during Phase 1.
Name: Label for IPSec Configuration only used by the VPN client. This parameter is never
transmitted during IPSec Negotiation. It is possible to change this name at any time and read it in
the tree list window. Two Phases can not have the same name (“billion” in our example).
VPN Client address: Virtual IP address used by the client inside the remote LAN: The computer
will appear in the LAN with this IP address (“192.168.205.117” in our example). It is important
this IP address not to belong to the remote LAN.
Address type: The remote endpoint may be a LAN or a single computer. In the first case
choose "Subnet address". Choose "Single address" otherwise. When choosing "Subnet address",
the two fields "Remote LAN address" and "Subnet mask" became available. When choosing
"Single address", only the field "Remote host address" is available.
Remote address: This field may be "Remote host address" or "Remote LAN address"
depending of the address type. It is the remote IP address, or LAN network address of the
gateway, that opens the VPN tunnel.
Subnet mask: Subnet mask of the remote LAN. Only available when address type is equal to
"Subnet address".
ESP encryption: Encryption algorithm negociated during IPSec phase (3DES, AES, ...).
ESP authentication: Authentication algorithm negociated during IPSec phase (MD5, SHA, ...).