Chapter 12 IPSec VPN
P-2812HNU-51c User’s Guide
When the remote IP address type is configured to Single Address,
this field is not available.
When the remote IP address type is configured to Subnet, enter a
subnet mask on the network behind the remote IPSec router.
Protocol This field displays ESP. The P-2812HNU-51c uses ESP
(Encapsulating Security Payload) for VPN. The ESP protocol (RFC 2406)
provides encryption as well as some of the services offered by AH.
Key Exchange
Select Auto(IKE) or Manual from the drop-down list box. Auto(IKE)
provides more protection so it is generally recommended. Manual is a
useful option for troubleshooting if you have problems using
Auto(IKE) key management.
Select Pre-Shared Key to use a pre-shared key for authentication. A
pre-shared key identifies a communicating party during a phase 1 IKE
negotiation. It is called "pre-shared" because you have to share it with
another party before you can communicate with them over a secure
Select Certificates (X.509) to use a certificate for authentication.
Pre-Shared Key This field is available only when you select Pre-Shared Key in the
Authentication Method field.
Type from 8 to 31 case-sensitive ASCII characters or from 16 to 62
hexadecimal ("0-9", "A-F") characters. You must precede a
hexadecimal key with a "0x" (zero x), which is not counted as part of
the 16 to 62 character range for the key. For example, in
"0x0123456789ABCDEF", "0x" denotes that the key is hexadecimal
and "0123456789ABCDEF" is the key itself.
Both ends of the VPN tunnel must use the same pre-shared key. You
will receive a “PYLD_MALFORMED” (payload malformed) packet if the
same pre-shared key is not used on both ends.
Certificates This field is available only when you select Certificates in the
Authentication Method field.
Select the certificate you want to use from the drop-down list box. You
can create, import and configure certificates in the Security >
Certificates screens.
NAT Traversal Select Enable if you want to set up a VPN tunnel when there are NAT
routers between the P-2812HNU-51c and remote IPSec router. The
remote IPSec router must also enable NAT traversal, and the NAT
routers have to forward UDP port 500 packets to the remote IPSec
router behind the NAT router. Otherwise, select Disable.
Advanced IKE
Click Show Advanced Settings to display and configure more
detailed settings of your IKE key management. Otherwise, click Hide
Advanced Settings.
Enable Manual
ID Type
Select this option to specify how to identify the P-2812HNU-51c and
remote IPSec router.
Table 74 Security > IPSec VPN > IPSec Setting > IKE (continued)
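
The length and character rules given for the Pre-Shared Key field above can be checked before a key is typed into both routers. The following is an added example, not part of the User's Guide or the device firmware; the function names are hypothetical, and it assumes that a key starting with "0x" is always read as hexadecimal, that only the listed digits 0-9 and A-F are accepted, and that ASCII keys consist of printable characters.

```python
import hmac
import re
import secrets

# Limits quoted from the Pre-Shared Key field description.
ASCII_MIN, ASCII_MAX = 8, 31
HEX_MIN, HEX_MAX = 16, 62
HEX_DIGITS = re.compile(r"[0-9A-F]+")  # the guide lists "0-9", "A-F" only


def classify_psk(key: str) -> str:
    """Return "hex" or "ascii" for a well-formed key, else raise ValueError."""
    # Assumption: any key starting with "0x" is read as hexadecimal, so an
    # ASCII passphrase that happens to begin with "0x" is rejected here.
    if key.startswith("0x"):
        digits = key[2:]  # the "0x" prefix is not counted in the length
        if not HEX_MIN <= len(digits) <= HEX_MAX:
            raise ValueError(f"hex key needs {HEX_MIN}-{HEX_MAX} digits after 0x")
        if not HEX_DIGITS.fullmatch(digits):
            raise ValueError("hex key may contain only 0-9 and A-F")
        return "hex"
    # Assumption: "ASCII characters" means printable ASCII.
    if not key.isascii() or not key.isprintable():
        raise ValueError("key must be printable ASCII")
    if not ASCII_MIN <= len(key) <= ASCII_MAX:
        raise ValueError(f"ASCII key needs {ASCII_MIN}-{ASCII_MAX} characters")
    return "ascii"


def generate_hex_psk() -> str:
    """Random key at the maximum documented length: 62 hex digits (248 bits)."""
    return "0x" + secrets.token_hex(HEX_MAX // 2).upper()


def same_psk(local: str, remote: str) -> bool:
    """True only if both ends hold a valid, byte-identical key (case-sensitive)."""
    classify_psk(local)
    classify_psk(remote)
    return hmac.compare_digest(local.encode("ascii"), remote.encode("ascii"))


if __name__ == "__main__":
    key = generate_hex_psk()
    print(classify_psk(key), len(key) - 2, "hex digits")
    print(same_psk("Tunnel-Key-01", "tunnel-key-01"))  # constructed sample keys
```

A `False` result from `same_psk` for two valid keys corresponds to the mismatch case the guide describes, where the tunnel fails with a "PYLD_MALFORMED" packet.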