Versionen im Vergleich

Alte Version 5

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.

...

There is no need for the IKE and IPsec lifetimes to be the same at both ends. Rekeying is initiated shortly before the negotiated lifetime expires, usually after the shorter of the two routers’ lifetimes. However, under certain circumstances the connection may be lost during rekeying. If this is the case, it may be worthwhile to increase the lifetimes so that disconnections occur less often. This does require the lifetimes on both routers to have the same or at least a very similar values.

For security reasons, the lifetimes should not be too long, otherwise the keys could be compromised. Equally, the lifetimes should not be too short in order to avoid frequent and time-consuming rekeying.

...

  • Identification: Enter a descriptive name (in this example OFFICE-PH1-PROP). The key length is limited to 17 characters.
  • Lifetime: Enter the required lifetime in seconds. A lifetime in kBytes is not configured in phase 1 because very little data is transferred here. In this case Therefore leave the value at the default setting 0 kBytes.

...

  • Identification: Enter a descriptive name (in this example OFFICE-PH2-LIST). The key length is limited to 17 characters.
  • Proposal: From the drop-down menu, select the IPsec proposal created in step 2.3.



3. Zuweisen der angepassten Proposals zu der VPN-Verbindung) Assigning the adapted proposals to the VPN connection:

3.1 Wechseln Sie in das Menü ) Switch to the menu Connection parameters.

3.2 Markieren Sie die Verbindungs-Parameter der verwendeten VPN-Verbindung und klicken auf ) Mark the connection parameters for the relevant VPN connection and click on Edit.

3.3 Wählen Sie im Dropdown-Menü bei IKE proposals die in Schritt 1.6 erstellte IKE proposal list und bei IPSec proposals die in Schritt 2.6 erstellte IPSec proposal list aus) In the drop-down menu, select the IKE proposal list created in the step 1.6 and at IPSec proposals list created in the step 2.6.

3.4 Die Anpassung der IKE- und IPSec-Lifetimes ist damit abgeschlossen. Schreiben Sie die Konfiguration in den Router zurück.

4. Neustart der VPN-Verbindung:

) This concludes the adjustment of the IKE and IPsec lifetimes. Write the configuration back to the router.



4) Restart the VPN connection:

These changes only come into effect after restarting the VPN connectionDamit die vorgenommenen Änderungen umgesetzt werden, muss die VPN-Verbindung neugestartet werden

4.1 Neustart der VPN-Verbindung per ) Restart the VPN connection using LANmonitor:

Markieren Sie die VPN-Verbindung, führen einen Rechtsklick aus und wählen im Kontextmenü die Option Disconnect ausSelect the VPN connection, right-click and select the context-menu option Disconnect.


4.2 Neustart der VPN-Verbindung per Konsole:Geben Sie den Befehl zum Trennen der VPN-Verbindung im folgenden Format ein) Restart the VPN connection from the command line:

Enter the command to disconnect the VPN connection in the following format:

do Other/Manual-Dialing/Disconnect <Name of the VPN connection> 

In diesem Beispiel muss der Befehl also wie folgt lautenthis example, the command would appear as follows

do Other/Manual-Dialing/Disconnect VPN-OFFICE

...