10/100/1000 4-Port VPN Router

Phase 2 DH Group: There are three groups of different prime key lengths. Group1 is 768 bits, Group2 is 1,024 bits and Group 5 is 1,536 bits. If network speed is preferred, select Group 1. If network security is preferred, select Group 5. You can choose the different Group with the Phase 1 DH Group you chose. If Perfect Forward Secrecy is disabled, there is no need to setup the Phase 2 DH Group since no new key generated, and the key of Phase 2 will be the same with the key in Phase 1.

Phase 2 Encryption: Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions. There are two methods of encryption, DES and 3DES. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets. DES is 56-bit encryption and 3DES is 168-bit encryption. Both sides must use the same Encryption method. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable encrypting/decrypting ESP packets in Phase 2, but both sides of the tunnel must use the same setting.

Phase 2 Authentication: There are two methods of authentication, MD5 and SHA. The Authentication method determines a method to authenticate the ESP packets. Both sides must use the same Authentication method. MD5 is a one-way hashing algorithm that produces a 128-bit digest. If users enable the AH Hash Algorithm in Advanced, then it is recommended to select Null to disable authenticating ESP packets in Phase 2, but both sides of the tunnel must use the same setting.

Phase 2 SA Life Time: This field allows you to configure the length of time a VPN tunnel is active. The default value is 3,600 seconds.

Preshared Key: Character and hexadecimal values are acceptable in this field, e.g. “My_@123” or “4d795f40313233.” The max entry of this field is 30-digit. Both sides must use the same Pre-shared Key. It’s recommended to change Preshared keys regularly to maximize VPN security.

Click the Save Settings button to save the settings or click the Cancel Changes button to undo the changes.

Advanced

For most users, the settings on the VPN page should be satisfactory. This device provides an advanced IPSec setting page for some special users such as reviewers. Click the Advanced button to link you to that page. Advanced settings are only for IKE with Preshared Key mode of IPSec.

Aggressive Mode: There are two types of Phase 1 exchanges: Main mode and Aggressive mode.

Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If

Figure 5-47: VPN tab - Client to Gateway Advanced

 

network security is preferred, select Main mode. If network speed is preferred, select Aggressive mode. When

 

Group VPN is enabled, it will be limited as Aggressive Mode. If you select Dynamic IP in Remote Client Type in

 

tunnel mode, it will also be limited as Aggressive Mode.

 

Chapter 5: Setting Up and Configuring the Router

51

VPN Tab - Client to Gateway

Page 58 Page 60
Page 59
Image 59
Linksys RV0041 manual Tunnel mode, it will also be limited as Aggressive Mode, VPN tab Client to Gateway Advanced
Page 58 Page 60
Top Page Image Contents