Chapter 5: Using The Router’s Web-based Utility
The Security Tab
Broadband Firewall Router with 4-Port Switch/VPN Endpoint
Encryption. Select the length of the key used to encrypt/decrypt ESP packets. There are two choices: DES and 3DES. 3DES is recommended because it is more secure.
Authentication. Select the method used to authenticate ESP packets. There are two choices: MD5 and SHA. SHA is recommended because it is more secure.
Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.
Key Lifetime. In the Key Lifetime field, you can optionally set the key to expire at the end of a time period of your choosing. Enter the number of seconds you'd like the key to be used until a re-key negotiation between the endpoints is completed.
Phase 2
Group. There are two Diffie-Hellman Groups to choose from: 768-bit and 1024-bit. Diffie-Hellman refers to a cryptographic technique that uses public and private keys for encryption and decryption.
Key Lifetime. In the Key Lifetime field, you can optionally set the key to expire at the end of a time period of your choosing. Enter the number of seconds you'd like the key to be used until a re-key negotiation between the endpoints is completed.
Other Settings
NetBIOS broadcast. Check the box next to NetBIOS broadcast to enable NetBIOS traffic to pass through the VPN tunnel.
Anti-replay. Check the box next to Anti-replay to enable the Anti-replay protection. This feature keeps track of sequence numbers as packets arrive, ensuring security at the IP packet-level.
Keep-Alive. Check the box next to Keep-Alive to re-establish the VPN tunnel connection whenever it is dropped. Once the tunnel is initialized, this feature will keep the tunnel connected for the specified amount of idle time.
Unauthorized IP Blocking. Check this box to block unauthorized IP addresses. Complete the on-screen sentence to specify how many times IKE must fail before blocking that unauthorized IP address for a length of time that you specify (in seconds).
When finished making your changes on this screen, click the Save Settings button to save these changes, or click the Cancel Changes button to undo your changes.
POP3 (Post Office Protocol 3): a standard mail server commonly used on the Internet
URL (Uniform Resource Locator): the address of a file located on the Internet