NETGEAR ADSL MODEM WIRELESS DG834G User Manual

Page 113


Reference Manual for the ADSL Modem Wireless Router DG834G

Virtual Private Networking

8-5

v1.2, October 2006

Will either endpoint use Fully Qualified Domain Names (FQDNs)? FQDNs supplied by Dynamic DNS providers (see “The Use of a Fully Qualified Domain Name (FQDN)” on page B-8) can allow a VPN endpoint with a dynamic IP address to initiate or respond to a tunnel request. Otherwise, the side using a dynamic IP address must always be the initiator.

What method will you use to configure your VPN tunnels?

— The VPN Wizard using VPNC defaults (see Table 8-2)

— The typical automated Internet Key Exchange (IKE) setup (see “Using Auto Policy to Configure VPN Tunnels” on page 8-38)

— A Manual Keying setup in which you must specify each phase of the connection (see “Using Manual Policy to Configure VPN Tunnels” on page 8-49)

What level of IPSec VPN encryption will you use?

— DES - The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.

— 3DES - (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.

What level of authentication will you use?

— MD5: 128 bits, faster but less secure.

— SHA-1: 160 bits, slower but more secure.

Table 8-2. Parameters Recommended by the VPNC and Used in the VPN Wizard

Parameter                    Factory Default
---------------------------  ------------------
Secure Association           Main Mode
Authentication Method        Pre-shared Key
Encryption Method            3DES
Authentication Protocol      SHA-1
Diffie-Hellman (DH) Group    Group 2 (1024 bit)
Key Life                     8 hours
IKE Life Time                1 hour
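
The planning questions above can be checked mechanically before either router is configured. The following Python sketch is an added example, not part of the NETGEAR manual: the Endpoint class, the key names and the sample endpoints are assumptions made for illustration, while the parameter values and the dynamic-IP initiator rule come from this page.

```python
from dataclasses import dataclass, field
from typing import Optional

# Table 8-2: VPN Wizard (VPNC-recommended) values. Key names are this example's own.
WIZARD = {"mode": "main", "auth": "psk", "enc": "3des", "hash": "sha1", "dh": 2}
# Options the manual describes as faster but less secure.
WEAKER = {"enc": "des", "hash": "md5"}

@dataclass
class Endpoint:
    name: str
    static_ip: bool
    initiates: bool                      # is this side planned to start the tunnel?
    fqdn: Optional[str] = None           # Dynamic DNS name, if one is registered
    params: dict = field(default_factory=lambda: dict(WIZARD))

    def addressable(self) -> bool:
        # A peer can only call this endpoint if it has a stable address or name.
        return self.static_ip or bool(self.fqdn)

def review(a: Endpoint, b: Endpoint) -> list:
    findings = []
    # Both ends need matching values for the tunnel to negotiate.
    for key in WIZARD:
        if a.params.get(key) != b.params.get(key):
            findings.append(f"mismatch:{key}")
    for ep in (a, b):
        for key, weak in WEAKER.items():
            if ep.params.get(key) == weak:
                findings.append(f"weaker:{ep.name}:{key}")
        # Dynamic IP without an FQDN: this side must always be the initiator.
        if not ep.addressable() and not ep.initiates:
            findings.append(f"must-initiate:{ep.name}")
    if not a.addressable() and not b.addressable():
        findings.append("no-responder")
    return findings

# Constructed sample plan: head office on a static IP, branch on a dynamic IP.
office = Endpoint("office", static_ip=True, initiates=True)
branch = Endpoint("branch", static_ip=False, initiates=False,
                  params={**WIZARD, "enc": "des"})

if __name__ == "__main__":
    for finding in review(office, branch):
        print(finding)
```

For the constructed plan, the review reports the DES/3DES mismatch, the weaker cipher on the branch side, and that the branch must be the initiator because it has neither a static IP address nor an FQDN.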
