Chapter 4
Advanced Configuration
10/100 8-Port VPN Router
want the Router to propose compression when it initiates a
connection. If the responders reject this proposal, then the
Router will not implement compression. When the Router
works as a responder, it will always accept compression,
even if compression is not enabled.
Keep-Alive
Keep-Alive helps maintain IPSec VPN tunnel
connections. If a connection is dropped and detected, it
will be re-established immediately. Select this option to
use this feature.
AH Hash Algorithm
The AH (Authentication Header)
protocol describes the packet format and default
standards for packet structure. With the use of AH as the
security protocol, protection is extended forward into the
IP header to verify the integrity of the entire packet by use
of portions of the original IP header in the hashing process.
Select this option to use this feature. Then select MD5 or
SHA1. MD5 produces a 128-bit digest to authenticate
packet data. SHA produces a 160-bit digest to authenticate
packet data. Both sides of the tunnel should use the same
algorithm.
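The following is an added illustration, not code from the Router or from this guide, of how AH extends protection into the IP header: the integrity value is an HMAC over the packet with the header fields that change in transit zeroed (RFC 4302). It assumes the standard IPSec transforms HMAC-MD5-96 and HMAC-SHA-1-96, which send the first 96 bits of the digest; the key, SPI, addresses and payload are constructed sample values.

```python
import hmac
import struct

ICV_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-1-96 put the first 96 digest bits on the wire

def ipv4_header(src, dst, ttl, body_len):
    """20-byte IPv4 header, no options; protocol 51 is AH; checksum left 0 (masked anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                       ttl, 51, 0, bytes(src), bytes(dst))

def zero_mutable(ip_hdr):
    """Zero the fields routers may change in transit, so they stay out of the hash."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS / DSCP
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_header(spi, seq, icv, next_hdr=6):
    """Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Sequence, ICV."""
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def compute_icv(key, algo, ip_hdr, spi, seq, payload):
    """HMAC over: masked IP header + AH header with zeroed ICV + payload."""
    data = zero_mutable(ip_hdr) + ah_header(spi, seq, bytes(ICV_LEN)) + payload
    return hmac.new(key, data, algo).digest()[:ICV_LEN]

def verify(key, algo, ip_hdr, spi, seq, payload, icv):
    return hmac.compare_digest(compute_icv(key, algo, ip_hdr, spi, seq, payload), icv)

def demo():
    # Constructed sample values (documentation address ranges, made-up key and SPI).
    key, payload, spi, seq = b"constructed-shared-key", b"constructed TCP segment", 0x1000, 1
    src, dst, body = [192, 0, 2, 10], [198, 51, 100, 20], 24 + len(payload)
    sent = ipv4_header(src, dst, 64, body)
    routed = ipv4_header(src, dst, 61, body)                  # TTL lowered by three hops
    rewritten = ipv4_header([203, 0, 113, 5], dst, 61, body)  # source address changed in transit
    out = {}
    for algo in ("md5", "sha1"):
        icv = compute_icv(key, algo, sent, spi, seq, payload)
        other = "sha1" if algo == "md5" else "md5"
        out[algo] = (verify(key, algo, routed, spi, seq, payload, icv),     # True
                     verify(key, algo, rewritten, spi, seq, payload, icv),  # False
                     verify(key, other, sent, spi, seq, payload, icv))      # False
    return out

if __name__ == "__main__":
    print(demo())
```

Each tuple reads: verified after ordinary routing, verified after the source address was rewritten, verified when the receiver is set to the other algorithm.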
NetBIOS Broadcast
Select this option to allow NetBIOS
traffic to pass through the VPN tunnel. By default, the
Router blocks this traffic.
NAT Traversal
Select this option to use this feature.
Both the IPSec initiator and responder must support the
mechanism for detecting the NAT router in the path and
changing to a new port, as defined in RFC 3947.
Dead Peer Detection (DPD)
When DPD is enabled, the
Router will send periodic HELLO/ACK messages to check
the status of the VPN tunnel (this feature can be used only
when both peers or VPN devices of the VPN tunnel use the
DPD mechanism). Once a dead peer has been detected,
the Router will disconnect the tunnel so the connection
can be re-established. Specify the interval between
HELLO/ACK messages (how often you want the messages
to be sent). DPD is enabled by default, and the default
interval is 10 seconds.
Tunnel Backup
The VPN Tunnel Backup mechanism is
designed to provide a robust VPN connection. This feature
must be used with the DPD feature enabled on both of the
VPN endpoint devices. When the DPD mechanism detects
that the primary VPN tunnel is no longer available, then
the VPN Tunnel Backup mechanism will be activated and
try to connect the VPN tunnel via the user-defined WAN
interface.
• Remote Backup IP Address
Enter the IP address of the remote backup. Make sure you
enter this IP address even if it matches the IP address of
the remote VPN endpoint.
• Local Interface
Select the appropriate interface.
• VPN Tunnel Backup Idle Time
After the specified length of idle time, the Router will
check the VPN tunnel for connection. If the VPN tunnel
cannot be established after the specified length of idle
time, then the Router will check the backup VPN tunnel
for availability and try to switch over. The default is 30 sec.
Split DNS
When a computer on the LAN of the Router
makes a DNS query of a host with a domain name on the
list of specified domain names, the Router will query the
remote DNS server on behalf of the computer. The Split
DNS feature allows users on the LAN of the Router to
access the servers by name in the remote network over
the IPSec tunnel.
• DNS1-2
Enter the IP addresses of the DNS servers on the remote
network.
• Domain Name 1-4
Enter the domain names of the appropriate hosts.
Click Save Settings to save your changes, or click Cancel
Changes to undo them.
VPN > Client to Gateway
Use this screen to create a new tunnel between a VPN
device and a remote computer using third-party VPN
client software, such as TheGreenBow or VPN Tracker.