Sony 2140847 Network Router User Manual


 
AirLink Helix User Guide
38 2140847
Command Description
VPN 1 Type Tunnel Disabled or IPsec tunnel. Use this option to enable or disable the VPN tunnel. If
custom settings are used, they will be saved and the tunnel can be disabled and re-
enabled without needing to reenter any of the settings. The IPsec VPN employs the IKE
(Internet Key Exchange) protocol to set up a SecurityAssociation (SA) between the Helix
and a Cisco (or Cisco compatible) enterprise VPN server. IPSec consists of two phases to
setup an SA between peer VPNs. Phase 1 creates a secure channel between the Helix
VPN and the enterprise VPN, thereby enabling IKE exchanges. Phase 2 sets up the IPSec
SA that is used to securely transmit enterprise data. For a successful configuration, all
settings for the VPN tunnel must be identical between the Helix VPN and the enterprise
VPN server.
VPN1 Status Disabled, Not Connected, or Connected. This indicates the current status of the VPN
connection. Use this as part of troubleshooting a VPN connection.
SNTP Server Address The Simple Network Time Protocol Server (SNTP) ensures the clock on the Helix VPN is
synchronized to standard time. The default NTP server is pool.ntp.org. You can specify any
preferred NTP server. Both the VPN server and client must use the same SNTP address.
VPN Gateway
Address
The IP address of the server that this client connects to. This IP address must be open to
connections from the Helix Box.
Remote Subnet (IP
Addr Mask)
The default configuration is 0.0.0.0/0 which will direct all traffic over the GRE tunnel.
Pre-shared Key 1 Pre-shared Key (PSK) used to initiate the VPN tunnel.
My Identity If these fields are left blank, My Identity will default to the WAN IP address assigned by the
carrier and Peer Identity will default to the VPN Server IP. For a fully qualified domain name
(FQDN), these values should be preceded by an ‘@’character (@www.domain.com). For
user-FQDN, these values should include a username (user@domain.com)
Peer Identity Required in some configurations to identify the client or peer side of a VPN connection.
This defaults to the VPN server IP address.
Negotiation Mode Main Mode or Aggressive. To operate the onboard VPN under Aggressive mode, enable
this configuration. By default the Helix operates under Main Mode. Aggressive mode offers
increased performance at the expense of security.
IKE Encryption
Algorithm
DES, 3DES, or AES. Determines the type and length of encryption key used to encrypt/
decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption.
AES (Advanced Encryption Standard) is supports 128 bit encryption.
IKE Authentication
Algorithm
SHA1 or MD5. Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a
128-bit digest for authentication. SHA1 is a more secure algorithm that produces a 160-bit
digest.
IPSec Encryption
Algorithm
DES, 3DES, or AES. Determines the type and length of encryption key used to encrypt/
decrypt ESP (Encapsulating Security Payload) packets. 3DES supports 168-bit encryption.
AES (Advanced Encryption Standard) supports 128 bit encryption.
IPSec Authentication
Algorithm
SHA1 or MD5. Can be configured with MD5 or SHA1. MD5 is an algorithm that produces a
128-bit digest for authentication. SHA1 is a more secure algorithm that produces a 160-bit
digest.
IKE SA Life Time 180 to 86400. Determines how long the VPN tunnel is active in seconds. The default value
is 28,800 seconds, or 8 hours