32
junxion box user guide
Encryption.
Determines the type and length of encryption key used to encrypt/
decrypt ESP (Encapsulating Security Payload) packets. DES supports 56-bit encryption.
3DES supports 168-bit encryption. AES (Advanced Encryption Standard) is available
with 128, 192, and 256-bit keys.
Authentication.
Can be configured with MD5 or SHA1. MD5 is an algorithm that
produces a 128-bit digest for authentication. SHA1 is a more secure algorithm that
produces a 160-bit digest.
SA Time.
Determines how long the VPN tunnel is active. The default value is 28,800
seconds, or 8 hours.
Perfect Forward Secrecy.
Provides additional security through a DH shared secret
value. When this feature is enabled, one key cannot be derived from another. This
ensures previous and subsequent encryption keys are secure even if one key is
compromised.
Phase 2.
These settings are used to create the IPSec SA. The configurations are similar
to those in phase 1.
Shared Secret or x.509.
The VPN setup can use either a Shared Secret key or an x.509
certificate. This key or certificate is pre-shared by all parties to make the connection.
Shared secret keys should be as complex as possible while adhering to any character
limit on your VPN server. If you are using an x.509 certificate, you must load the Host
Key, Host Certificate, and Server Certificate files directly into the Junxion Box before
you click Apply.
Security note. When an individual device connects to a VPN using its own VPN client
software, a secure VPN connection exists all the way from the individual device to the VPN
server. When you use the Junxion Box to provide VPN access to devices on the LAN, a secure
VPN connection exists between the Junxion Box and the VPN server, not the Junxion Box
and the LAN devices. You can secure the LAN connections by enabling encryption on the
Security page, and by making sure no unauthorized devices are connected to your wireless
or wired LAN.
Splash Page
The Junxion Platform includes an optional splash page that can be enabled to greet
Junxion Box users. If turned on, this feature will display a custom greeting page in any