By entering the number of seconds in the
Key Lifetime
field, you may optionally select to have the key expire at the end of the time you specify.
Leave this field blank for the key to last indefinitely.
Figure 20. Key Timing
Manual Keying:
This allows you to manually enter the keys to be used for encryption and authentication. Enter the Keys (code) you wish to use for encryption and
authentication separately in the “
Encryption KEY
” and “
Authentication KEY
” fields. Up to 23 alphanumeric characters are allowed in each field. Be aware that
both ends of the VPN Tunnel should use the
same key management
method in addition to same encryption and authentication keys.
The “
Inbound SPI
” value set here must match the Outbound SPI value at the other end of the VPN Tunnel. Conversely, the “
Outbound SPI
” must match the Inbound
SPI value at the other end. Only numeric characters can be used in both these fields.
•
Status:
After finalizing the settings at both ends of the VPN Tunnel, click the “
Connect
” button to initiate the VPN Tunnel. Once a connection is established, the word
“Connected” should appear under “Status” if the connection is successful. Should the word “
Disconnected
” appear, it is an indication that a problem exists, preventing
the successful creation of the Tunnel. In this case, you should firstly ensure that your wiring is securely connected. Next, double-check that correct values have been
entered in the VPN configuration screen. Lastly, ensure that the settings at the other end of the Tunnel are correct.
•
Advanced Setting:
To establish a VPN Tunnel with another provider’s VPN solution, configuration of the advanced setting is sometimes necessary. Click the
“
Advanced Setting
” button and the screen shown below will appear.
Figure 21. Advanced Settings for Selected IPSec Tunnel
Operation mode:
There are two options in this mode: Main and Aggressive. Main mode is the default and is the more secure method. Aggressive mode is used when
the devices at the remote end of the VPN Tunnel can only use Aggressive mode. Mostly, it is used with dynamic IP addresses. Whenever the Main or Aggressive modes
are selected, the router will accept both modes initialled by the remote VPN devices.
Encryption:
Select either DES or 3DES from the drop down list. 3DES is default as it is the more secure option.
Authentication:
Select either MD5 or SHA is from the drop down list. SHA default as it is the more secure option.
Group:
Two Diffie-Hellman Groups can be selected from the drop down list: 768-bit and 1024-bit. Diffie-Hellman is a technique that uses public and private key for
encryption and decryption.
ENGLISH
12
