Virtual Private Networking
126
N600 Wireless Dual Band Gigabit VDSL2 Modem Router DGND3800B
IKE
Direction
This setting is used when the router determines if the IKE policy
matches the current traffic. Select an option.
•
Responder only
. Incoming connections are allowed, but outgoing
connections are blocked.
•
Initiator and Responder
. Both incoming and outgoing connections
are allowed.
Exchange Mode
Ensure that the remote VPN endpoint is set to use
Main Mode
.
Diffie-Hellman
(DH) Group
The Diffie-Hellman algorithm is used when keys are exchanged. The
DH Group setting determines the bit size used in the exchange. This
value has to match the value used on the remote VPN gateway.
Local Identity Type Select an option to match the Remote Identity Type setting on the
remote VPN endpoint.
•
WAN IP Address
. Your Internet IP address.
•
Fully Qualified Domain Name
. Your domain name.
•
Fully Qualified User Name
. Your name, email address, or other
ID.
Local Identity Data Enter the data for the local identity type that you selected. (If WAN IP
Address is selected, no input is required.)
Remote Identity
Type
Select the option that matches the
Local Identity Type
setting on the
remote VPN endpoint.
•
IP Address
. The Internet IP address of the remote VPN endpoint.
•
Fully Qualified Domain Nam
e. The domain name of the remote
VPN endpoint.
•
Fully Qualified User Name
. The name, email address, or other ID
of the remote VPN endpoint.
Remote Identity
Data
Enter the data for the remote identity type that you selected. If IP
Address is selected, no input is required.
Parameters
Encryption
Algorithm
The encryption algorithm used for both IKE and IPSec. This setting has
to match the setting used on the remote VPN gateway. DES and 3DES
are supported.
•
DES
. The Data Encryption Standard (DES) processes input data
that is 64 bits wide, encrypting these values using a 56-bit key. Faster
but less secure than 3DES.
•
3DES
. (Triple DES) achieves a higher level of security by encrypting
the data three times using DES with three different, unrelated keys.
Authentication
Algorithm
The authentication algorithm used for both IKE and IPSec. This setting
has to match the setting used on the remote VPN gateway. Auto, MD5,
and SHA-1 are supported. Auto negotiates with the remote VPN
endpoint and is not available in responder-only mode.
•
MD5
. 128 bits, faster but less secure.
•
SHA-1
. 160 bits, slower but more secure. This is the default.
Pre-shared Key
The key has to be entered both here and on the remote VPN gateway.
Table 7. VPN - Auto Policy screen settings (Continued)
Fields and Settings
Description