tainy hmod-v3-io, tainy hmod-l3-io - Dr. Neuhaus ...
VPN connections

Pre-shared secret key (PSK)

This method is primarily supported by older IPsec implementations. Here authentication is performed with a character string agreed on beforehand. In order to obtain high security, the character string should consist of about 30 randomly selected lower-case and upper-case letters and numerals.

The following characters are permitted:

! $ % & ' ( ) * + , . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } #

The entry is concealed.

Remote ID
Local ID

The Local ID and the Remote ID are used by IPsec to identify the remote stations uniquely when establishing the VPN connection.

For authentication with X.509 certificate or CA certificate:

• If you keep the factory setting NONE, then the Distinguished Names from the device's own certificate and from the certificate communicated by the remote station are automatically applied and used as the Local ID and Remote ID.
• If you manually change the entry for the Local ID or the Remote ID, then the corresponding entries must be adapted at the remote station. The station's own Local ID must be the same as the Remote ID of the remote station and vice versa. The entries for Local or Remote IDs must be made in the ASN.1 format, e.g. "C=XY/O=XY Org/CN=xy.org.org"

For authentication with pre-shared secret key (PSK):

• If you keep the factory setting NONE, then the device's own IP address is automatically used as the Local ID, and the IP address of the remote station is used as the Remote ID.
• If you manually change the entry for the Local ID or for the Remote ID, then the entries must have the format of a hostname (e.g. RemoteStation.de) or the format of an e-mail address (remote@station.de). The station's own Local ID must be the same as the Remote ID of the remote station and vice versa.

Note:
If, with pre-shared secret key (PSK), the IP address is not used as the Remote ID, then the Aggressive Mode has to be set as the ISAKMP-SA mode.

Wait for remote connection

Yes    The TAINY xMOD-V3-IO waits for the VPN gateway of the remote network to initiate establishment of the VPN connection.
No     The TAINY xMOD-V3-IO initiates establishment of the connection.
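The PSK and Local ID / Remote ID rules above can be checked before a tunnel is commissioned. The following is an added example, not code from the manual or the vendor: it generates a 30-character PSK and cross-checks the settings of two stations. The dictionary keys (`ip`, `local_id`, `remote_id`, `psk`, `aggressive`), the function names and the hard minimum length of 30 are assumptions made for this sketch.

```python
import ipaddress
import re
import secrets
import string

ALNUM = string.ascii_letters + string.digits
PSK_ALLOWED = set(ALNUM + "!$%&'()*+,./:;<=>?@[\\]^`{|}#")  # character list from this page
# Hostname (RemoteStation.de) or e-mail address (remote@station.de) form.
MANUAL_ID = re.compile(r"^([A-Za-z0-9._%+-]+@)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def generate_psk(length=30):
    """Random PSK of letters and numerals, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALNUM) for _ in range(length))

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def effective_ids(own, peer):
    """Resolve the factory setting NONE to IP addresses (assumes no NAT in between)."""
    local = own["ip"] if own["local_id"] == "NONE" else own["local_id"]
    remote = peer["ip"] if own["remote_id"] == "NONE" else own["remote_id"]
    return local, remote

def check_psk_tunnel(a, b, min_len=30):
    """Return findings for two PSK stations (hypothetical dicts); empty means consistent."""
    findings = []
    if a["psk"] != b["psk"]:
        findings.append("PSK differs between the two stations")
    for name, own, peer in (("A", a, b), ("B", b, a)):
        bad = sorted(set(own["psk"]) - PSK_ALLOWED)
        if bad:
            findings.append(f"{name}: PSK contains non-permitted characters {bad}")
        if len(own["psk"]) < min_len:  # threshold is an assumption; the page says "about 30"
            findings.append(f"{name}: PSK shorter than {min_len} characters")
        for key in ("local_id", "remote_id"):
            if own[key] != "NONE" and not MANUAL_ID.match(own[key]):
                findings.append(f"{name}: {key} is neither hostname nor e-mail format")
        local, remote = effective_ids(own, peer)
        peer_local, _ = effective_ids(peer, own)
        if remote != peer_local:
            findings.append(f"{name}: Remote ID {remote!r} != peer Local ID {peer_local!r}")
        if not is_ip(remote) and not own["aggressive"]:
            findings.append(f"{name}: non-IP Remote ID requires Aggressive Mode")
    return findings
```

Each station is passed as a dictionary holding its IP address, the two ID entries (or `NONE`), the PSK and whether Aggressive Mode is set; an empty result means the two configurations agree with the rules on this page.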
Page 66 of 111 TAINY xMOD