Advanced Settings for IKE with Preshared Key and IKE with
Certificate
For most users, the basic settings should suffice; advanced users can click Advanced to display the advanced settings. If you change the Advanced settings on one router, also enter the settings on the other router.
•Aggressive Mode—Two modes of IKE SA negotiation are possible: Main Mode and Aggressive Mode. If network security is preferred, Main Mode is recommended. If network speed is preferred, Aggressive Mode is recommended. Check this box to enable Aggressive Mode, or uncheck the box to use Main Mode.
If the Remote Security Gateway Type is one of the Dynamic IP types, Aggressive Mode is required. The box is checked automatically, and this setting cannot be changed.
•Compress (Support IP Payload Compression Protocol (IP Comp))—A protocol that reduces the size of IP datagrams. Check the box to enable the router to propose compression when it initiates a connection. If the responder rejects this proposal, then the router does not implement compression. When the router is the responder, it accepts compression, even if compression is not enabled. If you enable this feature for this router, also enable it on the router at the other end of the tunnel.
•Keep-Alive—Attempts to reestablish the VPN connection if it is dropped.
•AH Hash Algorithm—Authentication Header (AH) protocol describes the packet format and default standards for packet structure. When AH is the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet. Check the box to use this feature and select an authentication method: MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.
•NetBIOS Broadcast—Broadcast messages used for name resolution in Windows networking to identify resources such as computers, printers, and file servers. These messages are used by some software applications and Windows features such as Network Neighborhood. LAN broadcast traffic is typically not forwarded over a VPN tunnel. However, you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end.
