
Wireless-G  VPN Broadband Router
Advanced VPN Tunnel Setup
Click the Advanced VPN Tunnel Setup button, and the Advanced VPN Tunnel Setup screen will appear.
These advanced IPSec settings are for advanced users.
Phase 1
Phase 1 is used to create a security association (SA), often called the IKE SA. After Phase 1 is completed, Phase 2 is used to create one or more IPSec SAs, which are then used to key IPSec sessions.
Operation Mode. There are two modes: Main and Aggressive, and they exchange the same IKE payloads in different sequences. Main mode is more common; however, some people prefer Aggressive mode because it is faster. Main mode is for normal usage and includes more authentication requirements than Aggressive mode. Main mode is recommended because it is more secure. No matter which mode is selected, the VPN Router will accept both Main and Aggressive requests from the remote VPN device.
Encryption. Select the length of the key used to encrypt or decrypt ESP packets. There are two choices: DES and 3DES. 3DES is recommended because it is more secure.
Authentication. Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA1. SHA1 is recommended because it is more secure.
Group. There are three 
Key Life Time. In the Key Lifetime field, you may optionally select to have the key expire at the end of a time period of your choosing. Enter the number of seconds you’d like the key to be used until a 
Phase 2
Encryption. The encryption method selected in Phase 1 will be displayed.
Authentication. The authentication method selected in Phase 1 will be displayed.
PFS. The status of the PFS (Perfect Forward Secrecy) feature will be displayed.
Group. There are three 
Chapter 6: Configuring the 
Figure 6-31:  Advanced VPN Tunnel Setup
35
The Security Tab - VPN
