Step 4. IP compression is useful if the network speed is low and the user wants to transmit data quickly and without loss over the slow network, but it does not provide any security.
Step 5. Keep-Alive helps to re-establish connections immediately if any connection becomes inactive.
Step 6. AH provides data origin authentication, data integrity through a checksum, and protection for the IP header. Both sides of the tunnel should use the same algorithm.
Step 7. The default is unchecked. NetBIOS is used to detect network resources such as printers and computers in the network through some software applications and Windows features like Network Neighborhood.
Step 8. Both ends of the tunnel must have the same settings.
Step 9. If you check this check box, enter the interval in seconds between hello messages. It offers more security than DES. Its key size is bits. This is the most secure encryption algorithm available. In the Phase 1 Authentication and Phase 2 Authentication drop-down lists, choose one of these options: With this value, the algorithm checks for integrity in the data exchanged, and it makes sure the data has not changed. This algorithm checks the integrity of the shared information between the two ends of the VPN tunnel.
It produces a hash value which is shared to authenticate the key on both ends of the VPN tunnel. The default value for Phase 1 is seconds.
The default value for Phase 2 is seconds. Note: Phase 1 and Phase 2 configuration must be the same on both routers. In the Preshared Key field, enter the key both routers will share for authentication.
These options enhance the security features of your VPN tunnel. They are optional, but if you set advanced options on one router, make sure to set the same options on the other router. The next section explains these options. The Advanced page opens: If you choose this option, skip to Step 8. Step If you choose this option, skip to Step If there are other DNS servers, enter the address of those servers in the remaining Server Address fields.
Choose the appropriate method of authentication from the Authentication Method drop-down list. The client will authenticate the gateway. The credentials will be in the form of a shared secret string. Choose the appropriate identification option from the Identification Type drop-down list.
Not all options are available for all authentication modes. If you choose this option, follow Step 3 and then skip to Step 7. If you choose this option, follow Step 4 and then skip to Step 7. If you check Use a discovered local host address, the IP address is discovered automatically. If you choose this option, follow Step 5 and then skip to Step 7. If you choose this option, follow Step 6 and Step 7. You are only able to choose this option if you choose an RSA authentication method in Step 2 of the Authentication section.
Check the Use the subject in the received certificate but don't compare it with a specific value check box to automatically receive the certificate. If you choose this option, follow Step 3 and then skip to Step 8. You are only able to choose this option if you choose a PSK authentication method in Step 2 of the Authentication section. If you choose this option, follow Step 4 and then skip to Step 8. If you choose this option, follow Step 5 and then skip to Step 8.
If you choose this option, follow Step 6 and then skip to Step 8. If you choose this option, follow Step 7 and Step 8. Enter the key identifier to identify the local client in the Key ID String field.
To choose the Server Certificate File, click the To choose the Client Certificate File, click the To choose the Client Private Key File, click the Enter the preshared key in the PreShared Key field.
This should be the same key that you use during the configuration of the tunnel. In the Cipher Algorithm drop-down list, choose the appropriate option that was chosen during the configuration of the VPN Connection.
In the Cipher Key Length drop-down list, choose the option that matches the key length of the option that was chosen during your configuration of the VPN Connection. In the Hash Algorithm drop-down list, choose the option that was chosen during your configuration of the VPN Connection. In the Key Life Data limit field, enter the value in kilobytes to protect. The default value is 0, which turns off the feature. Note: In the Phase 2 section, you can configure the parameters such that an IPsec SA with the remote client gateway can be established.
In the Transform Algorithm drop-down list, choose the option that was chosen during the configuration of the VPN connection. In the Transform Key Length drop-down list, choose the option that matches the key length of the option that was chosen during the configuration of the VPN connection. If enabled, negotiation is made for each policy directly after the connection is established.
If disabled, negotiation is made on an as-needed basis. (Optional) To receive an automatically provided list of networks from the device, or to send all packets to the RV0XX by default, check the Obtain Topology Automatically or Tunnel All check box.