![CONEL SPECTRE v3 ERT — настройка безопасности IPsec: алгоритмы и параметры обмена ключами [72/136]](/icons/site-icon-64.png){kind=icon}
CONEL SPECTRE v3 ERT — настройка безопасности IPsec: алгоритмы и параметры обмена ключами [72/136]
Превью страниц
Страница 72 /
136
![CONEL SPECTRE v3 ERT [72/136] Configuration](/views2/1190478/page72/bg48.png)
4. CONFIGURATION
Continued from previous page
Item Description
IKE DH Group Specifies the Diffie-Hellman groups which determine the strength
of the key used in the key exchange process. Higher group num-
bers are more secure, but require additional time to compute the
key.
ESP Algorithm Specifies the means by which the router selects the algorithm:
• auto – The encryption and hash algorithm are selected au-
tomatically.
• manual – The encryption and hash algorithm are defined
by the user.
ESP Encryption Encryption algorithm – DES, 3DES, AES128, AES192, AES256.
ESP Hash Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512.
PFS Enables/disables the Perfect Forward Secrecy function. The
function ensures that derived session keys are not compromised
if one of the private keys is compromised in the future.
PFS DH Group Specifies the Diffie-Hellman group number (see IKE DH Group).
Key Lifetime Lifetime key data part of tunnel. The minimum value of this pa-
rameter is 60 s. The maximum value is 86400 s.
IKE Lifetime Lifetime key service part of tunnel. The minimum value of this
parameter is 60 s. The maximum value is 86400 s.
Rekey Margin Specifies how long before a connection expires that the router
attempts to negotiate a replacement. Specify a maximum value
that is less than half of IKE and Key Lifetime parameters.
Rekey Fuzz Percentage of time for the Rekey Margin extension.
DPD Delay Time after which the IPsec tunnel functionality is tested.
DPD Timeout The period during which device waits for a response.
Authenticate Mode Specifies the means by which the router authenticates:
• Pre-shared key – Sets the shared key for both sides of the
tunnel.
• X.509 Certificate – Allows X.509 authentication in multi-
client mode.
Pre-shared Key Specifies the shared key for both sides of the tunnel. The prereq-
uisite for entering a key is that you select pre-shared key as the
authentication mode.
Continued on next page
63
Содержание
233- Firmware version
- Used symbols
- Gpl licence
- Contents
- Contents
- List of figures
- List of figures
- List of figures
- List of tables
- List of tables
- Standard equipment
- Optional features
- Basic information
- Advantages in relation to v2 concept
- This configuration manual describes
- Configuration options
- Configuration
- Basic information
- Access to the web configuration
- Access to the web conf
- Preventing the domain disagreement message
- Access to the web conf
- Status
- Mobile connection
- General status
- Status
- Primary lan secondary lan tertiary lan wifi
- Peripheral ports
- System information
- Status
- Status
- Mobile wan status
- Status
- Status
- Status
- Wifi scan
- Status
- Status
- Status
- Network status
- Status
- Status
- Dhcp status
- Status
- Ipsec status
- Dyndns status
- System log
- Status
- Status
- Lan configuration
- Lan configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Vrrp configuration
- Vrrp configuration
- Configuration
- Configuration
- Configuration
- Mobile wan configuration
- Mobile wan configuration
- Connection to mobile network
- Configuration
- Configuration
- Dns address configuration
- Dns address configuration
- Configuration
- Check connection to mobile network configuration
- Check connection to mobile network configuration
- Switch between sim cards configuration
- Switch between sim cards configuration
- Data limit configuration
- Data limit configuration
- Configuration
- Configuration
- Pppoe bridge mode configuration
- Pppoe bridge mode configuration
- Configuration
- Configuration
- Configuration
- Pppoe configuration
- Pppoe configuration
- Configuration
- Wifi configuration
- Wifi configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Wlan configuration
- Wlan configuration
- Configuration
- Configuration
- Configuration
- Backup routes
- Configuration
- Firewall configuration
- Firewall configuration
- Configuration
- Configuration
- Example of the firewall configuration
- Configuration
- Configuration
- Nat configuration
- Configuration
- Nat configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Openvpn tunnel configuration
- Openvpn tunnel configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Ipsec tunnel configuration
- Ipsec tunnel configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Gre tunnels configuration
- Gre tunnels configuration
- Configuration
- Configuration
- Configuration
- L2tp tunnel configuration
- L2tp tunnel configuration
- Configuration
- Configuration
- Pptp tunnel configuration
- Pptp tunnel configuration
- Configuration
- Configuration
- Dyndns configuration
- Dyndns configuration
- Configuration
- Ntp configuration
- Ntp configuration
- Configuration
- Snmp configuration
- Snmp configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Smtp configuration
- Smtp configuration
- Configuration
- Configuration
- Sms configuration
- Sms configuration
- Configuration
- Configuration
- Sending sms
- Configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Expansion port configuration
- Expansion port configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Usb port configuration
- Usb port configuration
- Configuration
- Configuration
- Configuration
- Configuration
- Startup script
- Configuration
- Up down script
- Configuration
- Configuration
- Automatic update configuration
- Automatic update configuration
- Configuration
- Customization
- User modules
- Customization
- Administration
- Change profile
- Change profile
- Administration
- Set real time clock
- Change password
- Administration
- Unlock sim card
- Set sms service center address
- Administration
- Restore configuration
- Backup configuration
- Backup configuration
- Administration
- Send sms
- Restore configuration
- Update firmware
- Administration
- Reboot
- Administration
- Configuration in typ situations
- Configuration in typ situations
- Access to the internet from lan
- Configuration in typ situations
- Configuration in typ situations
- Backup access to the internet from lan
- Configuration in typ situations
- Configuration in typ situations
- Configuration in typ situations
- Configuration in typ situations
- Secure networks interconnection or using vpn
- Configuration in typ situations
- Serial gateway
- Configuration in typ situations
- Configuration in typ situations
- Glossary and acronyms
- Glossary and acronyms
- Glossary and acronyms
- Glossary and acronyms
- Glossary and acronyms
- Recommended literature
Похожие устройства
-
CONEL CGU 04iИнструкция по эксплуатации -
CONEL CDX 800Инструкция по эксплуатации -
CONEL CDA 70Технические характеристики -
CONEL CDA 70Инструкция по эксплуатации -
CONEL XR5i v2EРуководство по конфигурации -
CONEL XR5i v2EТехнические характеристики -
CONEL XR5i v2EРуководство по подключению -
CONEL XR5i v2EИнструкция по эксплуатации
-
CONEL XR5i v2FТехнические характеристики
-
CONEL XR5i v2FРуководство по конфигурации
-
CONEL XR5i v2FИнструкция по эксплуатации
-
CONEL CR10 v2Руководство по подключению
Узнайте о настройках безопасности IPsec, включая алгоритмы шифрования, группы Диффи-Хеллмана и параметры аутентификации для надежной защиты данных.
