DIR-842V2
AC1200 Wi-Fi Gigabit Router
User Manual
Configuring via Web-based Interface
Page
162
Parameter
Description
Aggressive Mode
Move the switch to the right to enable the aggressive mode for mutual
authentication of the parties. Such a setting accelerates the connection
establishment, but reduces its security.
IKE version
IKE (
Internet Key Exchange
) is a protocol of keys exchange between
two hosts of VPN connections. Select a version of the protocol from
the drop-down list.
The Second Phase
Encryption mode
Select an encryption mode from the drop-down list.
Second phase
encryption algorithm
Select an available encryption algorithm from the drop-down list.
Hashing mode
Select a hashing mode from the drop-down list.
Size of hash
The length of the hash in bits.
Hashing algorithm
Select a hashing algorithm from the drop-down list.
Enable PFS
Move the switch to the right to enable the PFS option (
Perfect
Forward Secrecy
). If the switch is moved to the right, a new
encryption key exchange will be used for the Second Phase. This
option enhances the security level of data transfer, but increases
the load on DIR-842V2.
Second phase
DHgroup type
A Diffie-Hellman key group for the Second Phase. Select a value from
the drop-down list. The drop-down list is available if the
Enable PFS
switch is moved to the right.
IPsec-SA lifetime
The lifetime of the Second Phase keys in seconds. After the specified
period it is required to renegotiate the keys. The value specified in this
field should be greater than zero.
To specify IP addresses of local and remote subnets for this tunnel, click the
ADD
button (
) in
the
Tunneled Networks
section.
If the IPsec tunnel operates over IKEv1 (
1
is selected from the
IKE version
list in the
The First
Phase
section), you can create only one subnet.
If the IPsec tunnel operates over IKEv2 (
2
is selected from the
IKE version
list in the
The First
Phase
section), you can create several subnets.