D-Link DRO-210i - page 54

Virtual Private Network

Dlink DRO-210i User Guide 54

maximum life duration is 86400 seconds.

IKE Hash Select the Hash algorithm that will be used to ensure that the messages

exchanged between the two IPSec VPN tunnel endpoints has been

received exactly as it was sent. In other words, a Hash algorithm is used

to generate a binary number by a mathematical operation using the entire

message. The resulting number is called a message digest. The same

operation is performed when the message is received, and if there has

ends of a VPN tunnel.

IKE Encryption Select the encryption algorithm (DES, 3DES) that will be used to encrypt

the messages passed between the VPN tunnel endpoints during the Phase

1 negotiation. The length of the key for the 3DES algorithm is three times

that of the DES key, and is therefore more secure. User must choose

exactly the same IKE Encryption algorithm on both ends of a VPN tunnel.

Phase 2 Proposal

PFS Mode Select the mode that will be used for IPSec Perfect Forward Secrecy (PFS).

• Group 1 uses 768-bit prime number

• ESP - specifies that the entire packet will be encrypted (using DES,

3DES or AES algorithm, as selected in ESP Transform field) and

authenticated (using MD5 or SHA algorithm, as selected in ESP

Authentication field).

• AH - specifies that only the authentication algorithm (MD5 or SHA,

as selected in the AH transform field) will be used. When AH is

selected, the data portion of packets sent between the two endpoints

of a VPN tunnel will not be encrypted.

IPSec Life Duration Enter the IPSec Life Duration (in seconds). This is the life duration of

Phase 2 key. When this timer expires, the two peers should trigger Phase

ESP Auth S elect the ESP authentication algorithm (Null, MD5 and SHA) to be used

when ESP is selected for IPSec Operation. The user needs to use the same