Filter
Top Products
6: Basic Parameters
SLC™ 8000 Advanced Console Manager User Guide 71
Remote Id How the remote host should be identified for authentication. The Id is used
to select the proper credentials for communicating with the remote host.
Remote Hop/Router If the remote host is behind a gateway, this specifies the IP address of the
gateway's public network interface.
Remote Subnet(s) One or more subnets behind the remote host, expressed in CIDR notation
(IP address/mask bits). If multiple subnets are specified, the subnets should
be separated by a comma.
Local Id How the SLC 8000 advanced console manager should be identified for
authentication. The Id is used by the remote host to select the proper
credentials for communicating with the SLC advanced console manager.
Local Hop/
Router
If the SLC unit is behind a gateway, this specifies the IP address of the
gateway's public network interface.
Local Subnet(s) One or more subnets behind the SLC 8000 advanced console manager,
expressed in CIDR notation (IP address/mask bits). If multiple subnets are
specified, the subnets should be separated by a comma.
IKE Negotiation The Internet Key Exchange (IKE) protocol is used to exchange security
options between two hosts who want to communicate via IPSec. The first
phase of the protocol authenticates the two hosts to each other and
establishes the Internet Security Association Key Management Protocol
Security Association (ISAKMP SA). The second phase of the protocol
establishes the cryptographic parameters for protecting the data passed
through the tunnel, which is the IPSec Security Association (IPSec SA). The
IPSec SA can periodically be renegotiated to ensure security. The IKE
protocol can use one of two modes: Main Mode, which provides identity
protection and takes longer, or Aggressive Mode, which provides no
identity protection but is quicker. With Aggressive Mode, there is no
negotiation of which cryptographic parameters will be used; each side must
give the correct cryptographic parameters in the initial package of the
exchange, otherwise the exchange will fail. If Aggressive Mode is used, the
IKE Encryption, IKE Authentication, and IKE DH Group must be
specified.
IKE Encryption The type of encryption, 3DES or AES, used for IKE negotiation. Any can be
selected if the two sides can negotiate which type of encryption to use.
Authentication (IKE) The type of authentication, SHA1 or MD5, used for IKE negotiation. Any
can be selected if the two sides can negotiate which type of authentication
to use.
DH Group (IKE) The Diffie-Hellman Group, 2 or 5, used for IKE negotiation. Any can be
selected if the two sides can negotiate which Diffie-Hellman Group to use.
ESP Encryption The type of encryption, 3DES or AES, used for encrypting the data sent
through the tunnel. Any can be selected if the two sides can negotiate
which type of encryption to use.
Authentication (ESP) The type of authentication, SHA1 or MD5, used for authenticating data sent
through the tunnel. Any can be selected if the two sides can negotiate
which type of authentication to use.
DH Group (ESP) The Diffie-Hellman Group, 2 or 5, used for the key exchange for data sent
through the tunnel. Any can be selected if the two sides can negotiate
which Diffie-Hellman Group to use.