•AH Hash Algorithm—Authentication Header (AH) protocol describes the packet format and default standards for packet structure. When AH is the security protocol, protection is extended forward into the IP header to verify the integrity of the entire packet. Check the box to use this feature and select an authentication method: MD5 or SHA1. MD5 produces a 128-bit digest to authenticate packet data. SHA1 produces a 160-bit digest to authenticate packet data. Both sides of the tunnel should use the same algorithm.
•NetBIOS Broadcast—Broadcast messages used for name resolution in Windows networking to identify resources such as computers, printers, and file servers. These messages are used by some software applications and Windows features such as Network Neighborhood. LAN broadcast traffic is typically not forwarded over a VPN tunnel. However, you can check this box to allow NetBIOS broadcasts from one end of the tunnel to be rebroadcast to the other end.
•NAT Traversal—Network Address Translation (NAT) enables users with private LAN addresses to access Internet resources by using a publicly routable IP address as the source address. However, for inbound traffic, the NAT gateway has no automatic method of translating the public IP address to a particular destination on the private LAN. This issue prevents successful IPsec exchanges. If your VPN router is behind a NAT gateway, check this box to enable NAT traversal. The same setting must be used on both ends of the tunnel.
•Extended Authentication—Allows you to specify a username and password for authenticating incoming IPSec tunnel requests on top of a preshared key or certificate.
-IPsec Host—Indicates use of an IPsec Host for extended authentication.
User Name—Authentication username. Password—Authentication password.
-Edge Device—Provides an IP address to the incoming tunnel requestor (after authentication) from the Virtual IP range configured in the Summary window. Select the device from the drop-down menu. To add or edit the device domain, click Add/Edit to display the User Management window.
•Mode Configuration—Provides an IP address to the incoming tunnel requestor (after authentication) from the Virtual IP Range configured in the VPN > Summary window.
