User manual AIRLIVE IP-2000VPN

[. . . ] Specifications IP-2000VPN Internet VPN Router User's Manual 1 AirLive WLA-9000AP User's Manual Declaration of Conformity We, Manufacturer/Importer OvisLink Corp. 5F. , NO. 6, Lane 130, Min-Chuan Rd. , Hsin-Tien City, Taipei County, Taiwan Declare that the product Internet VPN Router AirLive IP-2000VPN is in conformity with In accordance with 89/336 EEC-EMC Directive and 1999/5 EC-R & TTE Directive Clause EN Description Limits and methods of measurement of radio disturbance characteristics of information technology equipment Disturbances in supply systems caused by household appliances and similar electrical equipment "Harmonics" Disturbances in supply systems caused by household appliances and similar electrical equipment "Voltage fluctuations" Information Technology equipment-Immunity characteristics-Limits And methods of measurement 55022:1998 61000-3-2:2000 EN EN 61000-3-3:1995/ A1:2001 55024:1998 EN CE marking Manufacturer/Importer Signature Name Position/ Title : Albert Yeh Vice President (Stamp) Date 2008/1/1 AirLive IP-2000VPN CE Declaration Statement Declaration OvisLink Corp. tímto prohlasuje, ze tento AirLive IP-2000VPN je ve shod se základními pozadavky a dalsími píslusnými ustanoveními smrnice 1999/5/ES. erklærer herved, Dansk [Danish] at følgende udstyr AirLive IP-2000VPN overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF. [. . . ] Select the desired option, and enter the required data in the "Remote Identity Data" field. · · · · IP Address - This is the most common method. Fully Qualified Domain Name - enter the Domain Name assigned to this device. Fully Qualified User name - This name does not have to a valid Internet Domain Name. RSA Signature requires that both VPN endpoints have valid Certificates issued by a CA (Certification Authority). · For Pre-shared key, enter the same key value in both endpoints. · Authentication Authentication Algorithm Select the desired option, and ensure that both endpoints have the same settings. Encryption Algorithm Select the desired method, and ensure the remote VPN endpoint uses the same method. · · The 3DES algorithm provides greater security than DES, but is slower. If using DES or 3DES, this field is ignored. IKE Exchange Mode Select the desired option, and ensure the remote VPN endpoint uses the same mode. · · Main Mode provides identity protection for the hosts initiating the IPSec session, but takes slightly longer to complete. Aggressive Mode provides no identity protection, but is quicker. AirLive IP-2000VPN User's Manual 64 Direction Select the desired option: · · · Initiator - Only outgoing connections will be created. Outgoing traffic which would otherwise result in a connection will be ignored. Both Directions - Both incoming and outgoing connections are allowed. IKE SA Life Time This setting does not have to match the remote VPN endpoint; the shorter time will be used. Although measured in seconds, it is common to use time periods of several hours, such 28, 800 seconds. DH Group Select the desired method, and ensure the remote VPN endpoint uses the same method. The smaller bit size is slightly faster. IKE PFS If enabled, PFS (Perfect Forward Security) enhances security by changing the IPSec key at regular intervals, and ensuring that each key has no relationship to the previous key. This setting should match the remote endpoint. IKE Keep Alive Use Ping to maintain VPN connection. The value is used to set the LAN IP address of other VPN side's device. Click Next to see the following IKE Phase 2 screen. IKE Phase 2 This screen sets the parameters for the IPSec SA. When using IKE, there are separate connections (SAs) for IKE and IPSec. 65 AirLive IP-2000VPN User's Manual IKE Phase 2 (IPSec SA) IPSec SA Life Time This setting does not have to match the remote VPN endpoint; the shorter time will be used. Although measured in seconds, it is common to use time periods of several hours, such 28, 800 seconds. IPSec PFS If enabled, PFS (Perfect Forward Security) enhances security by changing the IPSec key at regular intervals, and ensuring that each key has no relationship to the previous key. AH Authentication AH (Authentication Header) specifies the authentication protocol for the VPN header, if used. If you do enable it, ensure the algorithm selected matches the other VPN endpoint. [. . . ] If IKE is used, the parameters (settings) for the IKE SA (Security Association). Generally, you will need at least one (1) VPN Policy for each remote site for which you wish to establish VPN connections. It is possible, and sometimes necessary, to have multiple Policies for the same remote site. If multiple policies for the same remote site are enabled, the policies are examined in the order in which they are listed, and the first matching policy will be used. While it is possible to change the order of the policies, it may not be easy to get the desired action from multiple policies. VPN Configuration The general rule is that each endpoint must have matching Policies, as follows: VPN Endpoint address Each VPN endpoint must be configured to initiate or accept connections to the remote VPN client or Gateway. [. . . ]