10/100 16-Port VPN Router
Encryption. Select a method of encryption, DES or 3DES. The encryption method determines the length of the key used to encrypt or decrypt ESP packets. DES uses 56-bit encryption, and 3DES uses 168-bit encryption. 3DES is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same encryption method.
Authentication. Select a method of authentication, MD5 or SHA. The authentication method determines how the ESP packets are validated. MD5 is a one-way hashing algorithm that produces a 128-bit digest. SHA is a one-way hashing algorithm that produces a 160-bit digest. SHA is recommended because it is more secure. Make sure both ends of the VPN tunnel use the same authentication method.
Encryption Key. This field specifies a key used to encrypt and decrypt IP traffic. Enter a key of hexadecimal values in the Encryption Key field. If you selected DES as the encryption method, then the Encryption Key must be 16-bit, which requires 16 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 16-bit. If you selected 3DES as the encryption method, then the Encryption Key must be 48-bit, which requires 48 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Encryption Key will be 48-bit. Make sure both ends of the VPN tunnel use the same Encryption Key.
Authentication Key. This field specifies a key used to authenticate IP traffic. Enter a key of hexadecimal values in the Authentication Key field. If you selected MD5 as the authentication method, then the Authentication Key must be 32-bit, which requires 32 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Encryption Key will be automatically completed with zeroes, so the Authentication Key will be 32-bit. If you selected SHA1 as the authentication method, then the Authentication Key must be 40-bit, which requires 40 hexadecimal values. If you do not enter enough hexadecimal values, then the rest of the Authentication Key will be automatically completed with zeroes, so the Authentication Key will be 40-bit. Make sure both ends of the VPN tunnel use the same Authentication Key.
Click the Save Settings button to save your changes, or click the Cancel Changes button to undo the changes.
Advanced
For most users, the settings on the VPN page should suffice; however, the Router provides advanced IPSec settings for advanced users. Click the Advanced button to view the Advanced settings, which are available only for VPN tunnels using the IKE with Preshared Key mode.
Aggressive Mode. There are two types of Phase 1 exchanges, Main Mode and Aggressive Mode.
Aggressive Mode requires half of the main mode messages to be exchanged in Phase 1 of the SA exchange. If
network security is preferred, leave the Aggressive Mode checkbox unchecked. If network speed is preferred, Figure 6-90: IKE with Preshared Key - Advanced select Aggressive Mode. If you select one of the Dynamic IP types for the Remote Security Gateway Type
Chapter 6: Setting up and Configuring the Router | 66 |
