Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
configuration:ipsec [2020/06/30 06:25] dodenhoeft |
configuration:ipsec [2020/06/30 06:26] dodenhoeft [SideB] |
||
|---|---|---|---|
| Line 100: | Line 100: | ||
| - | ==== SideB ==== | ||
| - | ^Local WAN^Remote WAN^ | ||
| - | |10.10.10.2|10.10.10.1| | ||
| - | ^General^Parameter^ | ||
| - | |Remote peer address|10.10.10.1| | ||
| - | ^Dead Peer Detection(DPD)^Parameter^ | ||
| - | |Detection cycle|30 sec| | ||
| - | |Failure threshold|3| | ||
| - | |Action|hold| | ||
| - | ^Authentication^Parameter^ | ||
| - | |Key exchange|IKEv2| | ||
| - | |Authentication type|pre shared key| | ||
| - | |PSK|"TopSecret01"| | ||
| - | |Local ID type|FQDN| | ||
| - | |Local ID|"sideB"| | ||
| - | |Peer ID type|FQDN| | ||
| - | |Peer ID|"sideA"| | ||
| - | ^IKE Proposal - Phase1^Parameter^ | ||
| - | |Negotiation mode|aggressive| | ||
| - | |Encryption algorithm|AES256| | ||
| - | |Authentication algorithm|SHA256| | ||
| - | |Diffie-Hellman group|Group14(modp2048)| | ||
| - | |Pseudo-random function|undefined| | ||
| - | |SA life time|86400 sec| | ||
| - | ^IPsec Proposal - Phase2^Parameter^ | ||
| - | |Encapsulation mode|Tunnel| | ||
| - | |IPsec protocol|ESP| | ||
| - | |Encryption algorithm|AES256| | ||
| - | |Authentication algorithm|SHA256| | ||
| - | |SA life time|28800 sec| | ||
| - | |Perfect forward secrecy (PFS)| - | | ||
| - | |Force encapsulation|enable| | ||
| - | ^Networks^Parameter^ | ||
| - | |Local network|192.168.2.0| | ||
| - | |Local netmask|24| | ||
| - | |Remote network|192.168.1.0| | ||
| - | |Remote netmask|24| | ||
| - | All necessary firewall rules for the IPsec functionality will be set automatically, with the enable of the IPsec service. | ||
| ===== Server mode ===== | ===== Server mode ===== | ||