Virtual Private Network
Dlink DRO-210i User Guide 54
maximum life duration is 86400 seconds.
IKE Hash Select the Hash algorithm that will be used to ensure that the messages
exchanged between the two IPSec VPN tunnel endpoints have been
received exactly as they were sent. In other words, a Hash algorithm is used
to generate a binary number by a mathematical operation using the entire
message. The resulting number is called a message digest. The same
operation is performed when the message is received, and if there has
been any change in the message during transit, the resulting message
digest number will be different and the message will be rejected. The
options are:
MD5 - generates a 128-bit message digest.
SHA - generates a 160-bit message digest.
The user needs to configure exactly the same IKE Hash algorithm on both
ends of a VPN tunnel.
IKE Encryption Select the encryption algorithm (DES, 3DES) that will be used to encrypt
the messages passed between the VPN tunnel endpoints during the Phase
1 negotiation. The length of the key for the 3DES algorithm is three times
that of the DES key, and is therefore more secure. The user must choose
exactly the same IKE Encryption algorithm on both ends of a VPN tunnel.
Phase 2 Proposal
PFS Mode Select the mode that will be used for IPSec Perfect Forward Secrecy (PFS)
(Group 1, Group 2, Disabled).
Group 1 - uses a 768-bit prime number.
Group 2 - uses a 1024-bit prime number.
Disabled - disables the PFS mode.
The user must use exactly the same PFS mode on both ends of the VPN
tunnel.
IPSec Operation Select the IPSec transform that will be applied to packets that are sent
between the two endpoints of a VPN tunnel.
ESP - specifies that the entire packet will be encrypted (using DES,
3DES or AES algorithm, as selected in ESP Transform field) and
authenticated (using MD5 or SHA algorithm, as selected in ESP
Authentication field).
AH - specifies that only the authentication algorithm (MD5 or SHA,
as selected in the AH transform field) will be used. When AH is
selected, the data portion of packets sent between the two endpoints
of a VPN tunnel will not be encrypted.
IPSec Life Duration Enter the IPSec Life Duration (in seconds). This is the life duration of
the Phase 2 key. When this timer expires, the two peers should trigger Phase
2 negotiation again to set up a new Phase 2 key. The minimum life
duration is 180 seconds and the maximum life duration is 86400 seconds.
ESP Transform Select the ESP transform encryption algorithm (Null, DES, 3DES or
AES) to be used when ESP is selected as the IPSec Operation. The user needs
to select the same ESP transform encryption algorithm on both ends of a
VPN tunnel.
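The following Python check is an added example, not part of the D-Link guide: it compares the proposal settings of two tunnel endpoints, reports settings that differ where the guide requires them to be identical, checks the IPSec Life Duration against the 180 to 86400 second limits, and flags the weaker options in each menu. The field names and the two sample configurations are constructed for illustration, and the weakness notes are the editor's assessment rather than statements from the guide.

```python
# Added example. Field names are hypothetical labels for this page's settings.
LIFE_MIN, LIFE_MAX = 180, 86400  # IPSec Life Duration limits from the guide (seconds)
# Settings the guide says must be identical on both ends (esp_auth is assumed:
# its sentence is cut off on the page).
MUST_MATCH = ("ike_hash", "ike_encryption", "pfs_mode", "esp_transform", "esp_auth")
# Editor's assessment of the offered options, not statements from the guide.
WEAK = {
    "ike_hash": {"MD5": "MD5 is collision-broken; SHA is the stronger option offered"},
    "ike_encryption": {"DES": "single DES has a 56-bit key; 3DES is stronger"},
    "pfs_mode": {"Disabled": "Phase 2 keys get no forward secrecy",
                 "Group 1": "768-bit group; Group 2 is the stronger option offered"},
    "esp_transform": {"Null": "ESP payload is sent unencrypted",
                      "DES": "single DES has a 56-bit key"},
    "esp_auth": {"Null": "ESP packets are not authenticated",
                 "MD5": "MD5 is collision-broken; SHA is the stronger option offered"},
}

def audit(local, remote):
    """Return (kind, where, detail) findings for a pair of endpoint configs."""
    findings = []
    for field in MUST_MATCH:
        if local.get(field) != remote.get(field):
            findings.append(("MISMATCH", field,
                             f"{local.get(field)} vs {remote.get(field)}"))
    for side, cfg in (("local", local), ("remote", remote)):
        life = cfg.get("ipsec_life")
        if not isinstance(life, int) or not LIFE_MIN <= life <= LIFE_MAX:
            findings.append(("RANGE", f"{side}.ipsec_life", f"{life} outside 180-86400"))
        uses_esp = cfg.get("ipsec_operation") == "ESP"
        for field, bad in WEAK.items():
            if field.startswith("esp_") and not uses_esp:
                continue  # ESP fields only apply when ESP is the IPSec Operation
            if cfg.get(field) in bad:
                findings.append(("WEAK", f"{side}.{field}", bad[cfg[field]]))
        if cfg.get("ipsec_operation") == "AH":
            findings.append(("WEAK", f"{side}.ipsec_operation",
                             "AH authenticates only; data is not encrypted"))
    return findings

# Constructed sample configurations for two tunnel endpoints.
SITE_A = {"ike_hash": "SHA", "ike_encryption": "3DES", "pfs_mode": "Group 2",
          "ipsec_operation": "ESP", "ipsec_life": 3600,
          "esp_transform": "AES", "esp_auth": "SHA"}
SITE_B = dict(SITE_A, ike_hash="MD5", pfs_mode="Group 1", ipsec_life=120,
              esp_transform="Null")

if __name__ == "__main__":
    for finding in audit(SITE_A, SITE_B):
        print(*finding, sep=" | ")
```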
ESP Auth Select the ESP authentication algorithm (Null, MD5 and SHA) to be used
when ESP is selected for IPSec Operation. The user needs to use the same