D-Link DRO-210i manual Maximum life duration is 86400 seconds

Page 54

Virtual Private Network

 

maximum life duration is 86400 seconds.

 

 

IKE Hash

Select the Hash algorithm that will be used to ensure that the messages exchanged between the two IPSec VPN tunnel endpoints have been received exactly as they were sent. In other words, a Hash algorithm is used to generate a binary number by a mathematical operation using the entire message. The resulting number is called a message digest. The same operation is performed when the message is received, and if there has been any change in the message during transit, the resulting message digest number will be different and the message will be rejected. The options are:

MD5 - generates a 128-bit message digest.

SHA - generates a 160-bit message digest.

The user needs to configure exactly the same IKE Hash algorithm on both ends of a VPN tunnel.

IKE Encryption

Select the encryption algorithm (DES, 3DES) that will be used to encrypt the messages passed between the VPN tunnel endpoints during the Phase 1 negotiation. The length of the key for the 3DES algorithm is three times that of the DES key, and is therefore more secure. The user must choose exactly the same IKE Encryption algorithm on both ends of a VPN tunnel.

Phase 2 Proposal

PFS Mode

Select the mode that will be used for IPSec Perfect Forward Secrecy (PFS): Group 1, Group 2 or Disabled.

Group 1 - uses a 768-bit prime number.

Group 2 - uses a 1024-bit prime number.

Disabled - disables the PFS mode.

The user must use exactly the same PFS mode on both ends of the VPN tunnel.

IPSec Operation

Select the IPSec transform that will be applied to packets that are sent between the two endpoints of a VPN tunnel.

ESP - specifies that the entire packet will be encrypted (using the DES, 3DES or AES algorithm, as selected in the ESP Transform field) and authenticated (using the MD5 or SHA algorithm, as selected in the ESP Authentication field).

AH - specifies that only the authentication algorithm (MD5 or SHA, as selected in the AH transform field) will be used. When AH is selected, the data portion of packets sent between the two endpoints of a VPN tunnel will not be encrypted.

IPSec Life Duration

Enter the IPSec Life Duration (in seconds). This is the life duration of the Phase 2 key. When this timer expires, the two peers should trigger Phase 2 negotiation again to set up a new Phase 2 key. The minimum life duration is 180 seconds and the maximum life duration is 86400 seconds.

ESP Transform

Select the ESP transform encryption algorithm (Null, DES, 3DES and AES) to be used when ESP is selected as the IPSec Operation. The user needs to select the same ESP transform encryption algorithm on both ends of a VPN tunnel.
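A pre-deployment check for the rule repeated in the fields above, that both ends of a tunnel carry the same selections, written as an added example (it is not from the D-Link manual or firmware). The dictionary field names and the sample settings are assumptions made for the illustration; the option lists and the 180 to 86400 second range are the ones given on this page.

```python
# Added example. Field names are hypothetical; they are not a D-Link export format.
# Options per field, as listed on this manual page.
ALLOWED = {
    "ike_hash": {"MD5", "SHA"},
    "ike_encryption": {"DES", "3DES"},
    "pfs_mode": {"Group 1", "Group 2", "Disabled"},
    "ipsec_operation": {"ESP", "AH"},
    "esp_transform": {"Null", "DES", "3DES", "AES"},
    "esp_auth": {"Null", "MD5", "SHA"},
}
ESP_ONLY = {"esp_transform", "esp_auth"}  # used only when IPSec Operation is ESP
LIFE_MIN, LIFE_MAX = 180, 86400           # IPSec Life Duration bounds, seconds

def applies(field, cfg):
    return field not in ESP_ONLY or cfg.get("ipsec_operation") == "ESP"

def check_endpoint(name, cfg):
    """Validate one endpoint's selections against the page's option lists."""
    problems = []
    for field, options in ALLOWED.items():
        if applies(field, cfg) and cfg.get(field) not in options:
            problems.append(f"{name}: {field}={cfg.get(field)!r} not in {sorted(options)}")
    life = cfg.get("ipsec_life_duration")
    if not isinstance(life, int) or not LIFE_MIN <= life <= LIFE_MAX:
        problems.append(f"{name}: ipsec_life_duration={life!r} outside {LIFE_MIN}-{LIFE_MAX} s")
    return problems

def compare_endpoints(local, remote):
    """Return invalid values plus every selection that differs between the ends."""
    problems = check_endpoint("local", local) + check_endpoint("remote", remote)
    # The page requires equal IKE Hash, IKE Encryption, PFS Mode and ESP Transform.
    # Assumption: ipsec_operation and esp_auth are compared the same way.
    for field in ALLOWED:
        if (applies(field, local) or applies(field, remote)) and local.get(field) != remote.get(field):
            problems.append(f"mismatch: {field} local={local.get(field)!r} remote={remote.get(field)!r}")
    if local.get("ipsec_operation") == remote.get("ipsec_operation") == "AH":
        problems.append("note: AH selected, packet data is authenticated but not encrypted")
    return problems

# Constructed sample settings for the two ends of one tunnel.
LOCAL = {"ike_hash": "SHA", "ike_encryption": "3DES", "pfs_mode": "Group 2",
         "ipsec_operation": "ESP", "esp_transform": "AES", "esp_auth": "SHA",
         "ipsec_life_duration": 3600}
REMOTE = dict(LOCAL, ike_hash="MD5", esp_transform="3DES", ipsec_life_duration=120)

if __name__ == "__main__":
    for line in compare_endpoints(LOCAL, REMOTE):
        print(line)
```

With the constructed samples, the check reports the out-of-range lifetime on the remote end and the two differing selections (IKE Hash and ESP Transform).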

 

 

ESP Auth

Select the ESP authentication algorithm (Null, MD5 and SHA) to be used when ESP is selected for IPSec Operation. The user needs to use the same
