N300 Wireless Dual Band ADSL2+ Modem Router DGND3300v2 User Manual
Table 5. VPN - Auto Policy Screen Settings (Continued)
| Fields and Settings | | Description |
|---|---|---|
| Parameters (Continued) | SA Life Time | The time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA |
| | Enable IPSec PFS (Perfect Forward Secrecy) | • If this check box is selected, security is enhanced by ensuring that the key is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to break. (Each key has no relationship to the previous key.) |
| | | • This setting applies to both IKE and IPSec SAs. When configuring the remote endpoint to match this setting, you might have to specify the key group used. For this device, the key group is the same as the DH Group setting in the IKE section. |
| General | Policy Name | Enter a unique name to identify this policy. This name is not supplied to the remote VPN endpoint. It is used only to help you manage the policies. |
| | Remote VPN Endpoint | • The remote VPN endpoint must have this VPN gateway's address entered as its remote VPN endpoint. |
| | | • If the remote endpoint has a dynamic IP address, select Dynamic IP address. No address data input is required. You can set up multiple remote dynamic IP policies, but only one such policy can be enabled at a time. Otherwise, select an option (IP address or domain name) and enter the address of the remote VPN endpoint to which you want to connect. |
| | IKE Keep Alive | • If you want to ensure that a connection is kept open, or, if that is not possible, that it is quickly reestablished when disconnected, select this check box. |
| | | • The ping IP address must be associated with the remote endpoint. The remote LAN address must be used. This IP address will be pinged periodically to generate traffic for the VPN tunnel. The remote |
| | | and must correspond to a device that can respond to ping. The range should be made as narrow as possible to meet this objective. |
| Local LAN: The remote VPN endpoint must have these IP addresses entered as its remote addresses. | Subnet Mask | Enter the network mask. |
| | Single/Start IP Address | • Enter the IP address for a single address, or the starting address for an address range. A single address setting is used when you want to make a single server on your LAN available to remote users. A range must be an address range used on your LAN. |
| | | • Any. The remote VPN endpoint might be at any IP address. |
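The constraints in this table can be checked before a set of policies is entered on both endpoints. The following is an added example, not part of the NETGEAR manual: all field names and sample values are constructed, and treating "the remote LAN address must be used" as "the ping IP lies inside the policy's remote LAN range" is an assumption.

```python
import ipaddress

# Constructed sample policies; every field name here is hypothetical.
POLICIES = [
    {"name": "branch-a", "enabled": True, "remote_endpoint": "dynamic",
     "sa_lifetime_s": 3600, "pfs": True, "ike_dh_group": 2, "remote_pfs_group": 2,
     "remote_lan": ("192.168.10.1", "192.168.10.20"),
     "keepalive_ping_ip": "192.168.10.5"},
    {"name": "branch-b", "enabled": True, "remote_endpoint": "dynamic",
     "sa_lifetime_s": 600, "pfs": True, "ike_dh_group": 2, "remote_pfs_group": 5,
     "remote_lan": ("192.168.20.1", "192.168.20.20"),
     "keepalive_ping_ip": "203.0.113.7"},
]

def lint_policies(policies):
    """Return (policy_name, message) findings for the rules in the table."""
    findings = []
    seen_names = set()
    dynamic_seen = False
    for p in policies:
        name = p["name"]
        # Policy Name: must be unique on this device.
        if name in seen_names:
            findings.append((name, "policy name is not unique"))
        seen_names.add(name)
        # Remote VPN Endpoint: only one dynamic-IP policy may be enabled.
        if p["enabled"] and p["remote_endpoint"] == "dynamic":
            if dynamic_seen:
                findings.append((name, "second enabled dynamic-IP policy"))
            dynamic_seen = True
        # SA Life Time: short lifetimes trade performance for security.
        if p["sa_lifetime_s"] < 3600:
            findings.append((name, "SA lifetime under 3600 s: frequent rekeying"))
        # PFS: the remote key group must equal this device's IKE DH group.
        if p["pfs"] and p["remote_pfs_group"] != p["ike_dh_group"]:
            findings.append((name, "remote PFS key group differs from IKE DH group"))
        # IKE Keep Alive: ping target must be a remote LAN address.
        if p["keepalive_ping_ip"] is not None:
            ip = ipaddress.ip_address(p["keepalive_ping_ip"])
            start, end = (ipaddress.ip_address(a) for a in p["remote_lan"])
            if not start <= ip <= end:
                findings.append((name, "keep-alive ping IP outside remote LAN range"))
    return findings

if __name__ == "__main__":
    for name, msg in lint_policies(POLICIES):
        print(f"{name}: {msg}")
```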