Broadband VPN Router User
’
s Manual
82
SPI
•
Each SPI (Security Parameter Index) must be unique.
•
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on the
remote VPN.
•
Each SPI should be at least 3 characters.
ESP Encryption
ESP (Encapsulating Security Payload) provides security for the
payload (data) sent through the VPN tunnel. Generally, you will
want to enable both Encryption and Authentication.
Encryption Algorithm
•
The 3DES algorithm provides greater security than DES, but is
slower.
•
If using AES, you must select the
Key Size
. If using DES or
3DES, this field is ignored.
Key - In / Key - Out
•
The "In" key here must match the "Out" key on the remote
VPN, and the "Out" key here must match the "In" key on the
remote VPN.
•
For DES, keys should be 8 ASCII characters (16 HEX chars).
•
For 3DES, keys should be 24 ASCII characters (48 HEX
chars).
•
If using AES encryption, the key input size must match the
Key
Size
selected above.
ESP Authentication
Generally, you should enable ESP Authentication. There is little
difference between the available algorithms. Just ensure each
endpoint use the same setting.
•
The "In" key here must match the "Out" key on the remote
VPN, and the "Out" key here must match the "In" key on the
remote VPN.
•
Keys can be in ASCII or Hex (0 ~ 9 and A ~ F)
•
For MD5, the keys should be 32 hex/16 ASCII characters.
•
For SHA-1, the keys should be 40 hex/20 ASCII characters.
ESP SPI
This is required if either ESP Encryption or ESP Authentica-
tion is enabled.
•
Each SPI (Security Parameter Index) must be unique.
•
The "in" SPI here must match the "out" SPI on the remote
VPN, and the "out" SPI here must match the "in" SPI on the
remote VPN.
•
Each SPI should be at least 3 characters.
For Manual Key Exchange, configuration is now complete.
•
Click "Next" to view the final screen.
•
On the final screen, click "Finish" to save your settings, then "Close" to exit the Wizard.