Cisco Systems RV320K9NA, RV325K9NA Advanced Settings for IKE with Preshared Key and IKE with Certificate

VPN

Gateway to Gateway

Cisco Small Business RV320/RV325 Administration Guide 89

Advanced Settings for IKE with Preshared Key and IKE with

For most users, the basic settings should suffice; advanced users can click

Advanced to display the advanced settings. If you change the Advanced settings

on one router, also enter the settings on the other router.

•Aggressive Mode—Two modes of IKE SA negotiation are possible: Main

Mode and Aggressive Mode. If network security is preferred, Main Mode is

recommended. If network speed is preferred, Aggressive Mode is

recommended. Check this box to enable Aggressive Mode, or uncheck the

box to use Main Mode.

If the Remote Security Gateway Type is one of the Dynamic IP types,

Aggressive Mode is required. The box is checked automatically, and this

setting cannot be changed.

•Compress (Support IP Payload Compression Protocol (IP Comp))—A

protocol that reduces the size of IP datagrams. Check the box to enable the

router to propose compression when it initiates a connection. If the

responder rejects this proposal, then the router does not implement

compression. When the router is the responder, it accepts compression,

even if compression is not enabled. If you enable this feature for this router,

also enable it on the router at the other end of the tunnel.

•Keep-Alive—Attempts to reestablish the VPN connection if it is dropped.

•AH Hash Algorithm—Authentication Header (AH) protocol describes the

packet format and default standards for packet structure. When AH is the

security protocol, protection is extended forward into the IP header to verify

the integrity of the entire packet. Check the box to use this feature and

select an authentication method: MD5 or SHA1. MD5 produces a 128-bit

digest to authenticate packet data. SHA1 produces a 160-bit digest to

authenticate packet data. Both sides of the tunnel should use the same

algorithm.

•NetBIOS Broadcast—Broadcast messages used for name resolution in

Windows networking to identify resources such as computers, printers, and

file servers. These messages are used by some software applications and

Windows features such as Network Neighborhood. LAN broadcast traffic is

typically not forwarded over a VPN tunnel. However, you can check this box

to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast

to the other end.