Chapter 3
Advanced Configuration
EtherFast Cable/DSL VPN Router with 4-Port Switch
Advanced VPN Tunnel Setup
Phase 1
Phase 1 is used to create a security association (SA), often
called the IKE SA. After Phase 1 is completed, Phase 2 is
used to create one or more IPSec SAs, which are then used
to key IPSec sessions.
Operation mode
There are two types of Phase 1 exchanges, Main mode and
Aggressive mode, which exchange the same IKE payloads in
different sequences. Main mode is for normal usage and
includes more authentication requirements than Aggressive
mode. If network security is preferred, select Main mode.
If network speed is preferred, select Aggressive mode. No
matter which mode is selected, the VPN Router will accept
both Main and Aggressive requests from the remote VPN
device.
Username
If a user on one side of the tunnel is using a
unique firewall identifier, then select this option and enter
the unique firewall identifier.
Proposal 1
Encryption
Select the length of the key used to encrypt/decrypt ESP
packets. Select DES or 3DES. 3DES is recommended because
it is more secure.
Authentication
Select the method used to authenticate ESP packets. Select
MD5 or SHA. SHA is recommended because it is more secure.
Group
Select the Diffie-Hellman Group, which is a cryptographic
technique that uses public and private keys for encryption
and decryption. Select 768-bit or 1024-bit.
Key Lifetime
Enter the number of seconds you want the key to last
before a re-key negotiation between each endpoint is
completed. The default is 3600 seconds.
Phase 2
The Encryption, Authentication, and PFS settings are
automatically displayed.
Group
Select the Diffie-Hellman Group, which is a cryptographic
technique that uses public and private keys for encryption
and decryption. Select 768-bit or 1024-bit.
Key Lifetime
Enter the number of seconds you want the key to last
before a re-key negotiation between each endpoint is
completed. The default is 3600 seconds.
Other Settings
NetBIOS broadcast
To enable NetBIOS traffic to pass
through the VPN tunnel, select this option.
Anti-replay
Anti-replay protection keeps track of
sequence numbers as packets arrive, ensuring security at
the IP packet level. To enable the Anti-replay protection,
select this option.
Keep-Alive
Keep-Alive helps maintain IPSec VPN tunnel
connections. To re-establish the VPN tunnel whenever it is
dropped, select this option.
If IKE failed more than _ times, block this unauthorized IP for _ seconds
To block unauthorized IP addresses, select this option.
Specify how many times IKE must fail before blocking that
unauthorized IP address for a length of time that you
specify.
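The Anti-replay option described above depends on the receiver tracking sequence numbers in a sliding window. The Python code below is an added example, not code from the router or its vendor; the 64-packet window, the class and function names, and the arrival order are assumptions constructed for illustration.

```python
# Added illustration: receiver-side sliding-window anti-replay check.
# WINDOW_SIZE is an assumption; the manual does not state the router's value.
WINDOW_SIZE = 64


class AntiReplayWindow:
    """Tracks which sequence numbers were already accepted on one SA."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (highest - i) was seen

    def check_and_update(self, seq):
        """Return True for a fresh packet, False for one that must be dropped.

        Call only after the packet has passed authentication, so a forged
        packet cannot move the window forward.
        """
        if seq <= 0:
            return False  # senders start counting at 1
        if seq > self.highest:  # ahead of the window: slide it forward
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False  # older than the window: cannot be verified as fresh
        if self.bitmap & (1 << offset):
            return False  # already seen: replay
        self.bitmap |= 1 << offset  # late but new: record and accept
        return True


def classify(sequence_numbers, size=WINDOW_SIZE):
    """Return (sequence number, verdict) pairs in arrival order."""
    window = AntiReplayWindow(size)
    return [(s, "accept" if window.check_and_update(s) else "drop")
            for s in sequence_numbers]


# Constructed arrival order: in-order, reordered, replayed and stale packets.
SAMPLE_ARRIVALS = [1, 2, 4, 3, 4, 2, 100, 37, 36, 100]

if __name__ == "__main__":
    for seq, verdict in classify(SAMPLE_ARRIVALS):
        print(f"seq={seq:<4} {verdict}")
```

Packets that arrive out of order but inside the window are still accepted once; duplicates and packets older than the window are dropped.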
On the Advanced VPN Tunnel Setup screen, click Save
Settings to apply your changes, or click Cancel Changes to
cancel your changes.
On the VPN screen, click Save Settings to apply your
changes, or click Cancel Changes to cancel your changes.
Access Restrictions
The Access Restrictions screen allows you to block or allow
specific kinds of Internet usage and traffic, such as Internet
access, designated services, and websites during specific
days and times.