10/100/1000 4-Port VPN Router

Phase 1 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest.

SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure, and both sides must use the same Authentication method.

Phase 1 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active in Phase 1. The default value is 28,800 seconds.

Perfect Forward Secrecy: If PFS is enabled, IKE Phase 2 negotiation will generate a new key material for IP traffic encryption and authentication. If PFS is enabled, a hacker using brute force to break encryption keys is not able to obtain other or future IPSec keys.

Phase 2 DH Group: There are three groups of different prime key lengths. Group1 is 768 bits, Group2 is 1,024 bits and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You can choose the different Group with the Phase 1 DH Group you chose. If Perfect Forward Secrecy is disabled, there is no need to setup the Phase 2 DH Group since no new key generated, and the key of Phase 2 will be same with the key in Phase 1.

Phase 2 Encryption: Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable encrypting/decrypting ESP packets in Phase 2, but both sides of the tunnel must use the same setting.

Phase 2 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable authenticating ESP packets in Phase 2, but both sides of the tunnel must use the same setting.

Phase 2 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active. The default value is 3,600 seconds.

Preshared Key: Use character and hexadecimal values in this field, e.g. “My_@123” or “4d795f40313233.” The max entry of this field is 30-digit. Both sides must use the same Pre-shared Key. It’s recommended to change Preshared keys regularly to maximize VPN security.

Click the Save Settings button to save the settings or click the Cancel Changes button to undo the changes.

Chapter 5: Setting Up and Configuring the Router

44

VPN Tab - Gateway to Gateway

Page 51 Page 53
Page 52
Image 52
Linksys RV0041 manual 10/100/1000 4-Port VPN Router
Page 51 Page 53
Top Page Image Contents