Filter
Top Products
Chapter 8 Security
WiMAX Device Configuration User’s Guide
140
This screen contains the following fields:
Table 60 IPSec VPN: Add
LABEL DESCRIPTION
Property
Enable Select Enable to activate this VPN policy.
Connection
Name
Enter the name of the VPN connection.
Connection
Type
Select the scenario that best describes your intended VPN connection.
• Initiator - Choose this to connect to an IPSec server. The WiMAX Device is
the client (dial-in user) and can initiate the VPN connection.
• On Demand - Choose this if the remote IPSec router has a static IP address
or a domain name. This WiMAX Device can initiate the VPN tunnel.
• Responder - Choose this to allow incoming connections from IPSec VPN
clients. The clients can have dynamic IP addresses and are also known as
dial-in users. Only the clients can initiate the VPN tunnel.
Gateway Information
Local Endpoint
Interface Select the interface for the VPN gateway.
IP Address Enter the IP address of the WiMAX Device in the IKE SA.
Remote Endpoint
IP Address Enter the IP address of the remote IPSec router in the IKE SA.
Authentication Method
Pre-Shared
Key
Type your pre-shared key in this field. A pre-shared key identifies a
communicating party during a phase 1 IKE negotiation.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62 hexadecimal
("0-9", "A-F") characters. You must precede a hexadecimal key with a "0x” (zero
x), which is not counted as part of the 16 to 62 character range for the key. For
example, in "0x0123456789ABCDEF", “0x” denotes that the key is hexadecimal
and “0123456789ABCDEF” is the key itself.
Local ID Type Select IP to identify the WiMAX Device by its IP address.
Select Domain Name to identify this WiMAX Device by a domain name.
Select E-mail to identify this WiMAX Device by an e-mail address.
Content When you select IP in the Local ID Type field, type the IP address of your
computer in the Content field. If you configure the Content field to 0.0.0.0 or
leave it blank, the WiMAX Device automatically uses the Pre-Shared Key (refer
to the Pre-Shared Key field description).
It is recommended that you type an IP address other than 0.0.0.0 in the
Content field or use the Domain Name or E-mail ID type in the following
situations.
• When there is a NAT router between the two IPSec routers.
• When you want the remote IPSec router to be able to distinguish between
VPN connection requests that come in from IPSec routers with dynamic WAN
IP addresses.
When you select Domain Name or E-mail in the Local ID Type field, type a
domain name or e-mail address by which to identify this WiMAX Device in the
Local Content field. Use up to 31 ASCII characters including spaces, although
trailing spaces are truncated. The domain name or e-mail address is for
identification purposes only and can be any string.