Reference Manual for the Model Wireless ADSL Firewall Router DG834G
8-40
Virtual Private Networking (Advanced Feature)
202-10006-05, June 2005
Local Identity Data
—enter the data for the selection above. (If "WAN IP Address" is selected, no
input is required.)
Remote Identity Type
—select the desired option to match the "Local Identity Type" setting on
the remote VPN endpoint.
•
IP Address
—
the Internet IP address of the remote VPN endpoint.
•
Fully Qualified Domain Nam
e
—
the Domain name of the remote VPN endpoint.
•
Fully Qualified User Name
—
the name, E-mail address, or other ID of the remote VPN
endpoint.
Remote Identity Data
—enter the data for the selection above. (If "IP Address" is selected, no
input is required.)
Parameters
Encryption Algorithm
—encryption Algorithm used for both IKE and IPSec. This setting must
match the setting used on the remote VPN Gateway. DES and 3DES are supported.
•
DES—the Data Encryption Standard (DES) processes input data that is 64 bits wide,
encrypting these values using a 56 bit key. Faster but less secure than 3DES.
•
3DES—(Triple DES) achieves a higher level of security by encrypting the data three times
using DES with three different, unrelated keys.
Authentication Algorithm
—authentication Algorithm used for both IKE and IPSec. This setting
must match the setting used on the remote VPN Gateway. Auto, MD5, and SHA-1 are supported.
Auto negotiates with the remote VPN endpoint and is not available in responder-only mode.
•
MD5—128 bits, faster but less secure.
•
SHA-1 (default)—160 bits, slower but more secure.
Pre-shared Key
—the key must be entered both here and on the remote VPN Gateway.
SA Life Time
—this determines the time interval before the SA (Security Association) expires. (It
will automatically be re-established as required.) While using a short time period (or data amount)
increases security, it also degrades performance. It is common to use periods over an hour (3600
seconds) for the SA Life Time. This setting applies to both IKE and IPSec SAs.
IPSec PFS (Perfect Forward Secrecy)
—if enabled, security is enhanced by ensuring that the key
is changed at regular intervals. Also, even if one key is broken, subsequent keys are no easier to
break. (Each key has no relationship to the previous key.)