Wireless-G ADSL Gateway with SRX200
• Any. Select Any if you want the Gateway to accept requests from any IP address.
Remote Secure Gateway
The Remote Secure Gateway is the VPN device on the remote end of the VPN tunnel. The remote VPN device can
be a VPN router, VPN server, or computer with VPN client software that supports IPSec. From the drop-down
menu, select IP Addr. or Any.
• IP Addr. Select IP Addr. if you want to designate a static IP address. Then enter the VPN device's IP address in
the IP field.
• Any. Select Any if you want the Gateway to accept requests from any IP address.
Key Management
• Key Exchange Method. Select Auto (IKE) or Manual for the Key Exchange Method. Both ends of a VPN tunnel
must use the same mode of key management. The two methods are described below. After you have selected
the method, the settings available on this screen may change, depending on the selection you have made.
Auto (IKE)
IKE (Internet Key Exchange) is a protocol used to negotiate key material for a Security Association (SA). IKE uses
the Pre-Shared Key to authenticate the remote IKE peer.
• Encryption. When you select Auto (IKE), 3DES (168-bit) encryption is automatically selected. The same
type of encryption must be used by the VPN device at the remote end of the tunnel.
• Authentication. Select one of the two authentication methods available, SHA1 or MD5. MD5 is a one-way
hashing algorithm that produces a 128-bit digest. SHA1 is a one-way hashing algorithm that produces a
160-bit digest. SHA1 is recommended because it is more secure. Make sure both ends of the VPN tunnel
use the same authentication method.
• PFS. PFS (Perfect Forward Secrecy) ensures that the initial key exchange and IKE proposals are secure. To
use PFS, select Enable. Otherwise, select Disable.
• Pre-Shared Key. Enter a series of numbers or letters in the Pre-Shared Key field. Based on this word,
which MUST be entered at both ends of the tunnel, a key is generated to scramble (encrypt) the data
being transmitted over the tunnel; the data is unscrambled (decrypted) at the other end. You may use any
combination of up to 24 numbers or letters in this field. No special characters or spaces are allowed.
• Key Life Time. You may select to have the key expire at the end of a time period of your choosing. Enter
the number of seconds you'd like the key to be useful, or leave it blank for the key to last indefinitely.
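The matching rules and the Pre-Shared Key format described above can be checked before the settings are entered on either device. The following Python is an added example, not part of this manual or the Gateway's firmware; the dictionary key names and the sample settings are constructed for illustration.

```python
import math
import re
import secrets
import string

# Pre-Shared Key field limits as stated on this page.
PSK_MAX_LEN = 24
PSK_ALPHABET = string.ascii_letters + string.digits
PSK_RE = re.compile(r"[A-Za-z0-9]{1,24}")
# Settings the page says must be identical at both ends (key names are hypothetical).
MUST_MATCH = ("key_exchange", "encryption", "authentication", "psk")

def generate_psk(length=PSK_MAX_LEN):
    """Draw a key from the OS CSPRNG using only characters the field accepts."""
    if not 1 <= length <= PSK_MAX_LEN:
        raise ValueError("length must be between 1 and 24")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))

def psk_entropy_bits(length):
    """Upper bound on entropy of a uniformly random key of this length."""
    return length * math.log2(len(PSK_ALPHABET))

def check_endpoint(cfg):
    """Return a list of problems with one endpoint's Auto (IKE) settings."""
    problems = []
    if not PSK_RE.fullmatch(cfg.get("psk") or ""):
        problems.append("psk: use 1-24 letters or digits, no spaces or special characters")
    auth = cfg.get("authentication")
    if auth not in ("SHA1", "MD5"):
        problems.append("authentication: must be SHA1 or MD5")
    elif auth == "MD5":
        problems.append("authentication: MD5 selected; the page recommends SHA1")
    return problems

def compare_endpoints(local, remote):
    """Return the names of settings that differ between the two tunnel ends."""
    return [name for name in MUST_MATCH if local.get(name) != remote.get(name)]

if __name__ == "__main__":
    # Constructed sample settings for the two ends of one tunnel.
    psk = generate_psk()
    local = {"key_exchange": "Auto (IKE)", "encryption": "3DES",
             "authentication": "SHA1", "psk": psk}
    remote = dict(local, authentication="MD5")
    print("local problems:  ", check_endpoint(local))
    print("remote problems: ", check_endpoint(remote))
    print("mismatched:      ", compare_endpoints(local, remote))
    print("max key entropy:  %.1f bits" % psk_entropy_bits(PSK_MAX_LEN))
```

A full-length random key from the permitted character set carries at most about 143 bits of entropy; a short or dictionary-based word carries far less.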
Chapter 6: Configuring the Wireless-G ADSL Gateway with SRX200
The Security Tab
Figure 6-29: Key Exchange Method - Auto (IKE)