Hash algorithms
• MD5-HMAC 128-bit authentication
• SHA1-HMAC 160-bit authentication
Encryption
• DES-CBC 56-bit encryption
• 3DES-CBC 168-bit encryption
• AES 128, 192, 256-bit encryption
Diffie Hellman Group Support
• Group 1 : MODP 768
• Group 2 : MODP 1024
• Group 5 : MODP 1536
• Group 14 : MODP 2048
Authentication Mechanism
• Pre-shared key
• X509 Certificate support
• X-Auth
• SmartCard & Token (Aladdin, ..)
Certificate
• Flexible Certificate Support (PEM, PKCS#12, …)
Key Management
• ISAKMP (RFC2408)
• IKE (RFC2409)
IKE & IPSec Mode
• ESP, Tunnel, Transport
• Main, Aggressive, Quick
• Hybrid Authentication Method
USB stick mode
• All formats supported (SD, MMC…)
• Automatically opens or closes IPSec tunnels when the USB stick is plugged in or removed
• Security Elements (e.g. network configuration, shared key, certificates…) cannot be used on other computers
Networking
• NAT traversal (Draft1, 2 & 3) allows IPSec connection through a NAT device
• Main mode & aggressive mode
• NAT keep-alive, Payload NAT_OA, IP address emulation
• Forced NAT-T
• Multi tunneling to several Gateways
• Dead Peer Detection (DPD) support
Connection Technologies
• DSL, dial-up modem, GPRS-Edge-3G, Ethernet, PCMCIA cards, WIFI ...
Redundant Gateway
• Redundant gateway when primary is down or not responding
• Use of DPD (Dead Peer Detection) for failover
Config-Mode
• Automatically fetch remote network DNS and WINS server addresses
• Manual Config-Mode in case remote gateway doesn’t support Config-Mode
Peer to Peer
• Peer to Peer connections
• Accepts incoming IPSec Tunnels
Blocking capabilities
• IPSec only traffic filtering
• Can block all connections other than the VPN connections
Management Options
• Access control to Configuration Panel
• Can run fully invisible to users (hidden mode)
• Set of command lines to make deployment and management easier
• Capability to start before logon
• Launch script when tunnel opens