Automatic Keying Help

On this page you decide whether to secure your IPSec connection with a type of password (Shared Secret) or with an RSA public key. Perfect Forward Secrecy can be added to either method by selecting the corresponding select box at the bottom of the page.

The following ways of automatic keying are available:

The Local ID requires an IP address, the Quadro FQDN (Fully Qualified Domain Name) that is resolved to an IP address, or any @-ed string that is used in the same way.

The Remote ID also requires an IP address, the IPSec Connection partner's FQDN (Fully Qualified Domain Name) that is resolved to an IP address, or any @-ed string that is used in the same way.

The Local ID and Remote ID text fields accept values in one of the formats presented below:

Attention: The Local ID and Remote ID values are mandatory for RSA selection and are optional for Shared Secret selection. However, it is recommended to define the Local ID and Remote ID values for multiple road-warrior connections.

PFS (Perfect Forward Secrecy) is a key exchange procedure that uses a long-term key and generates short-term keys as required. Thus, an attacker who acquires the long-term key can neither read previous messages that they may have captured nor read future ones.
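The following sketch is an added example, not Quadro code. It contrasts a session key derived only from the long-term key and values sent in the clear with one derived from a fresh Diffie-Hellman exchange, for the case of a previously captured session. The function names, message layout and toy-sized group are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy group so the example stays short: 2**127 - 1 is prime but far too small
# for real use. Names and message layout are assumptions, not Quadro code.
P, G = 2**127 - 1, 3

def kdf(*parts: bytes) -> bytes:
    """Derive a 32-byte session key from the given byte strings."""
    return hashlib.sha256(b"|".join(parts)).digest()

def as_bytes(v) -> bytes:
    return v if isinstance(v, bytes) else v.to_bytes(16, "big")

def make_tag(long_term: bytes, wire: dict) -> bytes:
    msg = as_bytes(wire["gx"]) + as_bytes(wire["gy"])
    return hmac.new(long_term, msg, hashlib.sha256).digest()

def session_without_pfs(long_term: bytes):
    """Session key depends only on the long-term key and nonces sent in clear."""
    wire = {"n_i": secrets.token_bytes(16), "n_r": secrets.token_bytes(16)}
    return kdf(long_term, wire["n_i"], wire["n_r"]), wire

def session_with_pfs(long_term: bytes):
    """Fresh Diffie-Hellman exchange per session. The long-term key only
    authenticates the public values; the exponents are discarded afterwards."""
    x, y = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    wire = {"gx": pow(G, x, P), "gy": pow(G, y, P)}
    wire["tag"] = make_tag(long_term, wire)
    shared = pow(wire["gy"], x, P)  # the peer computes pow(gx, y, P)
    return kdf(long_term, as_bytes(shared)), wire

def tag_valid(long_term: bytes, wire: dict) -> bool:
    """The peer's authentication check on the exchanged public values."""
    return hmac.compare_digest(make_tag(long_term, wire), wire["tag"])

def rederive_from_capture(long_term: bytes, wire: dict) -> bytes:
    """Key computable later from a stored capture plus a leaked long-term key."""
    public = [as_bytes(v) for k, v in wire.items() if k != "tag"]
    return kdf(long_term, *public)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    for make in (session_without_pfs, session_with_pfs):
        key, wire = make(secret)
        same = rederive_from_capture(secret, wire) == key
        print(make.__name__, "key recoverable from capture:", same)
```

With PFS the missing input is the Diffie-Hellman shared value, which never appears on the wire and cannot be rebuilt from the long-term key.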

If the IPSec partner device selected on the first page of the IPSec connection wizard supports IPSec compression, an additional select box - Use IPSec Compression - is offered. This function compresses data before it is encrypted and may help reduce the amount of data. If the IPSec connection is used for telephony only, IPSec compression should be disabled - telephony data is already compressed.