This page displays the VPN statistics and configuration.
Name: User defined name of this VPN connection.
State: Enable or Disable the VPN connection.
Connection Type: Select Host to Host, where the VPN tunnel's Local and Remote subnets are both fixed, or Host to Subnet, where the Remote subnet area is dynamic and the Local subnet is fixed.
IKEv2: IKE version 2 settings to be used. The acceptable values are: Permit (the default), signifying that no IKEv2 should be transmitted, but it will be accepted if the other end initiates to us with IKEv2; Never, signifying that no IKEv2 negotiation should be transmitted or accepted; Propose, signifying that the device will permit IKEv2 and also use it as the default to initiate; Insist, signifying that the device will only accept and receive IKEv2, and IKEv1 negotiations will be rejected.
Authentication Mode: The authentication mode of IPSec VPN. Select from PSK, RSA, XAUTH, and X509. Pre-shared Key (PSK) is used when there is a single key common to both ends of the VPN. RSA uses RSA digital signatures. XAUTH provides an additional level of authentication by allowing the IPSec gateway to request extended authentication from remote users, thus forcing remote users to respond with their credentials before being allowed access to the VPN.
Remote Peer Type: Set the remote peer type. This can enable additional processing during the IKE negotiation.
Mode Configuration: Enable or disable extended authentication operation and the settings provided to the client during the configuration exchange.
Type: Tunnel or Transport. Tunnel Mode is used for protecting traffic between different networks, when traffic must pass through an intermediate, untrusted network. Transport Mode is used for end-to-end communications (for example, for communications between a client and a server).
Interface: Interface to use to connect to VPN Gateway.
Remote End Point: Remote VPN Gateway’s IP Address. To use Aggressive mode, this field may be set to any or to the peer’s IP address, depending on how the peer is configured.
Remote Subnet: Subnet behind the VPN Gateway.
Remote ID: Specifies the identifier we expect to receive from the remote host during Phase 1 negotiation.
Remote Router Next Hop: Next-hop gateway IP address for the VPN Gateway.
Local Subnet: Defines what local devices have access to or can be accessed from the VPN connection.
Local ID: Specifies the identifier sent to the remote host during Phase 1 negotiation.
Local Router Next Hop: Next-hop gateway IP address for our connection to the public network.
Perfect Forward Secrecy: Whether Perfect Forward Secrecy of keys is desired on the keying channel. Enabling this feature requires IKE to generate a new set of keys in Phase 2 rather than using the same key generated in Phase 1.
Local RSA Key: For RSA, it is the device key for RSA signature authentication.
Local Key Length: For RSA, it is the device key length for RSA signature authentication.
Key Length range is from 768 to 4096 in multiples of 16.
Remote Key: For RSA, it is the VPN Gateway key for RSA signature authentication. For XAUTH, it is the Group password.
Pre-shared Key (PSK): Pre-Shared Key used in the IPSec setting between the Local and VPN Gateway.
Username: Username for authenticating with VPN Gateway.
Password: Password for authenticating with VPN Gateway.
Aggressive Mode: Enable or disable Aggressive Mode. In Aggressive mode, IKE tries to combine as much information as possible into fewer packets while maintaining security. Aggressive mode is slightly faster but less secure. Aggressive mode must be disabled if SA is to be established using IKEv2.
NAT Traversal: Enable or disable NAT Traversal. If there is an external NAT device between VPN tunnels, the user must enable NAT Traversal.
ISAKMP Phase 1 Encryption: Encryption Algorithm in key exchange.
ISAKMP Phase 1 Authentication: Hash Algorithm in key exchange.
ISAKMP Phase 1 DH Group: Diffie-Hellman groups (the Key Exchange group between the Remote and VPN Gateways).
ISAKMP Phase 1 IKE Lifetime: Lifetime for IKE SA.
ISAKMP Phase 2 Encryption: Encryption Algorithm in data exchange.
ISAKMP Phase 2 Authentication: Hash Algorithm in data exchange.
ISAKMP Phase 2 DH Group: Diffie-Hellman groups (the Key Exchange group between the Remote and VPN Gateways) for Phase 2.
ISAKMP Phase 2 SA Lifetime: Lifetime for SA in Phase 2.
Use Unreachable Host Detection Host and Ping Interval to monitor connectivity with a host on the remote network. The VPN tunnel is restarted if Max Tries pings to the host fail.
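The constraints stated above for IKEv2, Aggressive Mode, Local Key Length and Perfect Forward Secrecy can be checked before a profile is entered on the device. The following is an added example, not code from the device or its vendor; the dictionary layout, the function name and the 2048-bit warning threshold are assumptions made for illustration.

```python
"""Added example: lint one VPN connection's settings against this page's rules.
The dict keys reuse the page's field labels; the dict layout is an assumption."""

IKEV2_VALUES = {"Permit", "Never", "Propose", "Insist"}
AUTH_MODES = {"PSK", "RSA", "XAUTH", "X509"}


def check_vpn_settings(cfg):
    """Return (errors, warnings) as two lists of strings."""
    errors, warnings = [], []
    ikev2 = cfg.get("IKEv2", "Permit")  # Permit is the documented default
    auth = cfg.get("Authentication Mode")
    if ikev2 not in IKEV2_VALUES:
        errors.append(f"IKEv2: unknown value {ikev2!r}")
    if auth not in AUTH_MODES:
        errors.append(f"Authentication Mode: unknown value {auth!r}")
    if cfg.get("Aggressive Mode", False):
        # Page: Aggressive mode is less secure and must be off for IKEv2 SAs.
        warnings.append("Aggressive Mode is enabled (less secure)")
        if ikev2 in ("Propose", "Insist"):  # both initiate with IKEv2
            errors.append("Aggressive Mode must be disabled when IKEv2 is " + ikev2)
    if auth == "RSA":
        bits = cfg.get("Local Key Length")
        # Page: range is 768 to 4096 in multiples of 16.
        if not isinstance(bits, int) or not 768 <= bits <= 4096 or bits % 16:
            errors.append(f"Local Key Length {bits!r}: need 768-4096, multiple of 16")
        elif bits < 2048:  # general guidance, not stated on the page
            warnings.append(f"Local Key Length {bits} is below 2048 bits")
    if auth == "PSK" and not cfg.get("Pre-shared Key (PSK)"):
        errors.append("PSK mode needs a Pre-shared Key")  # assumption
    if not cfg.get("Perfect Forward Secrecy", False):
        warnings.append("Perfect Forward Secrecy is off")
    return errors, warnings


# Constructed sample settings: a weak profile and its corrected form.
WEAK = {"IKEv2": "Insist", "Authentication Mode": "RSA", "Local Key Length": 1000,
        "Aggressive Mode": True, "Perfect Forward Secrecy": False}
FIXED = {"IKEv2": "Insist", "Authentication Mode": "RSA", "Local Key Length": 2048,
         "Aggressive Mode": False, "Perfect Forward Secrecy": True}

if __name__ == "__main__":
    for name, profile in (("WEAK", WEAK), ("FIXED", FIXED)):
        errs, warns = check_vpn_settings(profile)
        print(name, "errors:", errs, "warnings:", warns)
```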