IPSec Configuration Help

This page consists of two sub-pages: Connections and RSA Key Management.

The Connections page provides an overview of all existing IPSec connections, listed in a table and characterized by their Connection Name, the Remote Gateway addresses (the IP address or the hostname of the IPSec connection partner), the State of the IPSec connection (Stopped, Connecting, Activated, Waiting or Connected) and the dedicated Keying Type (the kind of encryption). The content of the table can be sorted ascending and descending by clicking on the column heading. Every existing IPSec connection has a checkbox to select it for editing.

The following buttons are available to work with the IPSec connections:

• Start activates the selected IPSec connection and changes its State into connected or activated, depending on the IPSec connection type. If no record is selected, an error message will occur.
  Attention: It is not recommended to simultaneously start a static and a dynamic connection configured to use the same secret key. Dynamic connection may capture the static connection peer and vice versa depending on which connection established first.

• Stop disconnects the selected IPSec connection and changes the state into stopped. If no record is selected, an error message will occur. More than one record may be selected at once to be stopped at the same time.

• Add leads to the IPSec Connection Wizard pages where a new IPSec connection can be specified.
• Edit leads to the second page of IPSec Connection Wizard where the parameters of the selected IPSec connection may be modified. Only one record may be selected, otherwise an error message occurs.
• Delete removes the selected IPSec connections. If no records are selected an error message occurs.
• Select all selects all existing IPSec connections.
• Inverse selection inverses the current selection of IPSec connections (if no records are selected, all records will be checked).

• Restart all Connections reactivates the IPSec Connections and changes their State into connected or activated if the restart procedure is successful.

The RSA Key Management page is used to see the current RSA key and to generate a new one. This page contains the following components:

The RSA public key field displayes the current public key.

The radio button selection below is used to while generating a new RSA key and allows you to choose the length of the RSA key (1024 or 2048 bits). The Generate button is used to generate a new RSA key. Newly generated RSA key will appear then in the RSA public key field.

Email this key to peer text field requires the e-mail address where the current RSA key should be sent. Sent button is used to send the current RSA key to the selected e-mail address.

A valid RSA key should fit to theh following requirements:

• RSA key doesn't start with "0s"
• RSA key doesn't end with "=="
• RSA key contains symbols other than Alphanum, +, /, =

For more instructions on how to deal with RSA keys, see How to Manage an RSA Key.