![background image](http://html1.mh-extra.com/html/linksys/rvs4000/rvs4000_user-manual_1924699039.webp)
30
Chapter 6: Setting Up and Configuring the Router
VPN Tab
4-Port Gigabit Security Router with VPN
Encryption
. The Encryption method determines the length of the key used to encrypt/decrypt ESP packets.
Only 3DES is supported. Notice that both sides must use the same Encryption method.
Authentication
. Authentication determines a method to authenticate the ESP packets. Either MD5 or SHA1
may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
•
MD5: A one way hashing algorithm that produces a 128-bit digest.
•
SHA1: A one way hashing algorithm that produces a 160-bit digest.
PFS
. If PFS is enabled, IKE Phase 2 negotiation will generate a new key material for IP traffic encryption and
authentication. Note: that both sides must have this selected.
Pre-Shared Key
. IKE uses the Pre-shared Key field to authenticate the remote IKE peer. Both character and
hexadecimal values are acceptable in this field. e.g. “My_@123” or “0x4d795f40313233” Note: that both
sides must use the same Pre-shared Key.
Key Life Time
. This field specifies the lifetime of the IKE generated key. If the time expires, a new key will be
renegotiated automatically. The Key Life Time may range from 300 to 100,000,000 seconds. The default Life
Time is 3600 seconds.
Manual
Encryption Algorithm
. The Encryption method determines the length of the key used to encrypt/decrypt ESP
packets. Only 3DES is supported. Notice that both sides must use the same Encryption method.
Encryption Key
. This field specifies a key used to encrypt and decrypt IP traffic. Both character and
hexadecimal value are acceptable in this field. Note: that both sides must use the same Encryption Key.
Authentication Algorithm
. Authentication determines a method to authenticate the ESP packets. Either MD5
or SHA1 may be selected. Notice that both sides (VPN endpoints) must use the same Authentication method.
•
MD5: A one way hashing algorithm that produces a 128-bit digest.
•
SHA1: A one way hashing algorithm that produces a 160-bit digest.
Authentication Key
. This field specifies a key used to authenticate IP traffic. Both character and hexadecimal
values are acceptable in this field. Note: that both sides must use the same Authentication Key.
Inbound SPI/Outbound SPI
. The SPI (Security Parameter Index) is carried in the ESP header. This enables
the receiver to select the SA, under which a packet should be processed. The SPI is a 32-bit value. Both
decimal and hexadecimal values are acceptable. e.g. “987654321” or “0x3ade68b1”. Each tunnel must have