AR7088H Router User Manual
Tel:+86 592-6195619 Fax:+86 592-6195620
E-mail:
Page 36 of 59
Web:
Add: NO.146-148, 2nd XingBei Road, JiMei District, XiaMen, China.
Local WAN Interface:
Local addresss of the tunnel.
Remote Host Address:
IP/domain name of end opposite; this option can not fill in if using
tunnel mode server
Local Subnet:
IPSec local protects subnet and subnet mask, i.e. 192.168.1.0/24; this
option can not fill in if using transfer mode.
Remote Subnet:
IPSec opposite end protects subnet and subnet mask,
i.e.192.168.7.0/24; this option can not fill in if using transfer mode.
Local ID:
Tunnel local end identification, IP and domain name are available.
Remote ID:
Tunnel opposite end identification, IP and domain name are available.
Use a Pre-Shared Key:
Choose use share encryption option.
CA Certificate:
Root certificate
X509 CA of the local:
Local Certificate
X509 CA of the remote:
Remote Certificate
Key:
Certificate private key
Password:
Certificate password
Enable Advanced Settings:
Enable to configure 1
st
and 2
nd
phase information, otherwise
it will auto negotiation according to opposite end.
Phase 1(IKE)
Encryption:
IKE phased encryption mode.
Integrity:
IKE phased integrity solution.
DHGrouptype:
DH exchange algorithm.
Lifetime:
Set IKE lifetime, current unit is hour, the default is 0.
Phase 2(ESP)
Encryption:
ESP encryption type.
Integrity:
ESP integrity solution.
Keylife:
Set ESP keylife, current unit is hour, the default is 0.
IKE aggressive mode allowed:
Negotiation mode adopt aggressive mode if tick; it is
main mode if non-tick.
Perfect Forward Secrecy:
Tick to enable PFS, non-tick to disable PFS.
Enable DPD Detection: E
nable or disable this function, tick means enable.
Time Interval:
Set time interval of connect detection (DPD).
Timeout:
Set the timeout of connect detection.
Action:
Set the action of connect detection.