Cisco Systems RV320K9NA, RV325K9NA Advanced Settings for IKE with Preshared Key and IKE with Certificate

VPN

Client to Gateway

98 Cisco Small Business RV320/RV325 Administration Guide

•Preshared Key—Preshared key to use to authenticate the remote IKE peer.

You can enter up to 30 keyboard characters or hexadecimal values, such as

My_@123 or 4d795f40313233. Both ends of the VPN tunnel must use the

same Preshared Key. We recommend that you change the Preshared Key

periodically to maximize VPN security.

•Preshared Key Strength Meter—When you enable Minimum Preshared

Key Complexity, this meter indicates the preshared key strength. As you

enter a preshared key, colored bars appear. The scale goes from red (weak)

to yellow (acceptable) to green (strong).

TIP Enter a complex preshared key that includes more than eight characters,

upper- and lowercase letters, numbers, and symbols such as -*^+= (' ' " \ are

not supported).

Advanced Settings for IKE with Preshared Key and IKE with

For most users, the basic settings should suffice; advanced users can click

Advanced to display the advanced settings. If you change the Advanced settings

on one router, also enter the settings on the other router.

•Aggressive Mode—Two modes of IKE SA negotiation are possible, Main

Mode and Aggressive Mode. If network security is preferred, Main Mode is

recommended. If network speed is preferred, Aggressive Mode is

recommended. Check this box to enable Aggressive Mode, or uncheck the

box to use Main Mode.

If the Remote Security Gateway Type is one of the Dynamic IP types,

Aggressive Mode is required. The box is checked automatically, and this

setting cannot be changed.

•Compress (Support IP Payload Compression Protocol (IP Comp))—A

protocol that reduces the size of IP datagrams. Check the box to enable the

router to propose compression when it initiates a connection. If the

responder rejects this proposal, then the router does not implement

compression. When the router is the responder, it accepts compression,

even if compression is not enabled. If you enable this feature for this router,

also enable it on the router at the other end of the tunnel.

•Keep-Alive—Attempts to reestablish the VPN connection if it is dropped.