Hotbrick VPN 800 User Manual

HotBrick Network Solutions 
Page 56 
Key Management 
Key Type – There are two key types (manual key and auto key) available for key exchange management.

Manual Key – If manual key is selected, no key negotiation is needed.

Encryption Key – This field specifies a key used to encrypt and decrypt IP traffic.

Authentication Key – This field specifies a key used to authenticate IP traffic.

Inbound/Outbound SPI (Security Parameter Index) – The SPI is carried in the ESP header. Each tunnel must have a unique inbound and outbound SPI, and no two tunnels may share the same SPI. Note that the inbound SPI must match the other router's outbound SPI.

AutoKey (IKE) – Two operation modes can be used. Main Mode accomplishes a phase one IKE exchange by establishing a secure channel. Aggressive Mode is another way of accomplishing a phase one exchange. It is faster and simpler than Main Mode, but does not provide identity protection for the negotiating nodes.

Perfect Forward Secrecy (PFS) – If PFS is enabled, IKE phase 2 negotiation will generate new key material for IP traffic encryption and authentication.

Preshared Key – This field is used to authenticate the remote IKE peer.

Key Lifetime – This specifies the lifetime of the IKE-generated key. If the time expires or data is passed over this volume, a new key will be renegotiated. By default, 0 is for no limit.
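
The SPI rules for manual-key tunnels described above can be checked on paper before the values are entered on both routers. The following Python is an added example, not part of the HotBrick manual or firmware; the dictionary layout, tunnel names and SPI values are constructed for illustration.

```python
from collections import defaultdict

def shared_spis(tunnels):
    """Return {spi: [tunnel names]} for every SPI used by more than one tunnel."""
    users = defaultdict(set)
    for t in tunnels:
        users[t["inbound_spi"]].add(t["name"])
        users[t["outbound_spi"]].add(t["name"])
    return {spi: sorted(names) for spi, names in users.items() if len(names) > 1}

def mismatched_tunnels(local, remote):
    """Return names of tunnels whose SPIs are not mirrored on the other router.

    Tunnels are paired by name (an assumption of this example); a tunnel
    with no counterpart on the other router is reported as mismatched.
    """
    peer = {t["name"]: t for t in remote}
    bad = []
    for t in local:
        p = peer.get(t["name"])
        if (p is None
                or t["inbound_spi"] != p["outbound_spi"]
                or t["outbound_spi"] != p["inbound_spi"]):
            bad.append(t["name"])
    return bad

def audit(local, remote):
    """Run both checks from the local router's point of view."""
    return {"shared": shared_spis(local),
            "mismatched": mismatched_tunnels(local, remote)}

# Constructed sample data: planned manual-key settings for two routers.
ROUTER_A = [
    {"name": "branch1", "inbound_spi": 0x1001, "outbound_spi": 0x2001},
    {"name": "branch2", "inbound_spi": 0x1002, "outbound_spi": 0x2001},  # reuses 0x2001
    {"name": "branch3", "inbound_spi": 0x1003, "outbound_spi": 0x2003},  # missing on B
]
ROUTER_B = [
    {"name": "branch1", "inbound_spi": 0x2001, "outbound_spi": 0x1001},
    {"name": "branch2", "inbound_spi": 0x2002, "outbound_spi": 0x1002},
]

if __name__ == "__main__":
    print(audit(ROUTER_A, ROUTER_B))
```
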