Wireless ADSL2+ Modem Router DG834Gv5 User Manual
6-4
Virtual Private Networking
v1.0, March 2010
• Will either endpoint use fully qualified domain names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see “Using a Fully Qualified Domain Name (FQDN)” on page B-7) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.
• Which method will you use to configure your VPN tunnels?
  – The VPN Wizard using VPNC defaults (see Table 6-2)
  – The typical automated Internet Key Exchange (IKE) setup (see “Using Auto Policy to Configure VPN Tunnels” on page 6-32)
  – A manual keying setup in which you must specify each phase of the connection (see “Using Manual Policy to Configure VPN Tunnels” on page 6-42)
• What level of IPSec VPN encryption will you use?
  – DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
  – 3DES. Triple DES achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.
• What level of authentication will you use?
  – MD5. 128 bits, faster but less secure.
  – SHA-1. 160 bits, slower but more secure.
VPN Tunnel Configuration
There are two tunnel configurations and three ways to configure them:
Table 6-2. Parameters Recommended by the VPNC and Used in the VPN Wizard

Parameter                   Factory Default
Secure Association          Main Mode
Authentication Method       Pre-shared Key
Encryption Method           3DES
Authentication Protocol     SHA-1
Diffie-Hellman (DH) Group   Group 2 (1024 bit)
Key Life                    8 hours
IKE Life Time               1 hour
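
The planning questions above and the Table 6-2 defaults can be checked mechanically before either router is configured. The following Python sketch is an added example, not part of the NETGEAR manual or firmware; the `Endpoint` class, the dictionary key names and the sample endpoints are hypothetical, and the "none" result for two dynamic-IP sides without FQDNs is an inference from the initiator rule stated above.

```python
from dataclasses import dataclass, field
from typing import Optional

# Table 6-2 on this page (VPN Wizard / VPNC defaults); key names are hypothetical.
VPNC_DEFAULTS = {"mode": "main", "auth_method": "psk", "encryption": "3des",
                 "auth_protocol": "sha1", "dh_group": 2}
# Options the page describes as faster but less secure.
WEAKER = {"encryption": "des", "auth_protocol": "md5"}

@dataclass
class Endpoint:
    name: str
    dynamic_ip: bool
    fqdn: Optional[str] = None          # Dynamic DNS name, if one is registered
    params: dict = field(default_factory=lambda: dict(VPNC_DEFAULTS))

def can_respond(ep: Endpoint) -> bool:
    """A peer can be found if it has a static IP or an FQDN."""
    return not ep.dynamic_ip or bool(ep.fqdn)

def initiator(a: Endpoint, b: Endpoint) -> str:
    """Page rule: a dynamic-IP side without an FQDN must always initiate."""
    ra, rb = can_respond(a), can_respond(b)
    if ra and rb:
        return "either"
    if not ra and not rb:
        return "none"                   # inference: neither side is reachable
    return a.name if rb else b.name

def review(a: Endpoint, b: Endpoint) -> list:
    """List planning problems for a tunnel between a and b."""
    findings = []
    if initiator(a, b) == "none":
        findings.append("both sides dynamic without FQDN: no side can respond")
    for key, default in VPNC_DEFAULTS.items():
        va, vb = a.params.get(key), b.params.get(key)
        if va != vb:                    # both ends must propose the same value
            findings.append(f"{key}: {a.name}={va} but {b.name}={vb}")
        for ep, v in ((a, va), (b, vb)):
            if key in WEAKER and WEAKER[key] == v:
                findings.append(f"{key}: {ep.name} uses {v}, Table 6-2 uses {default}")
    return findings

# Constructed sample plan: office has a static IP, home has a dynamic IP and no FQDN.
office = Endpoint("office", dynamic_ip=False)
home = Endpoint("home", dynamic_ip=True,
                params={**VPNC_DEFAULTS, "encryption": "des"})

if __name__ == "__main__":
    print("initiator:", initiator(office, home))
    for line in review(office, home):
        print("-", line)
```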