On Networks N300RM User Manual

Virtual Private Networking

N300 WiFi ADSL2+ Modem Router (N300RM)

- Initiator and Responder. Both incoming and outgoing connections are allowed.

Exchange Mode. Ensure that the remote VPN endpoint is set to use Main mode.

Diffie-Hellman (DH) Group. The Diffie-Hellman algorithm is used when keys are exchanged. The DH Group setting determines the bit size used in the exchange. This value needs to match the value used on the remote VPN gateway.

Local Identity Type. Select an option to match the Remote Identity Type setting on the remote VPN endpoint.
- WAN IP Address. Your Internet IP address.
- Fully Qualified Domain Name. Your domain name.
- Fully Qualified User Name. Your name, email address, or other ID.
- Local Identity Data. Enter the data for the local identity type that you selected. (If WAN IP Address is selected, no input is required.)

Remote Identity Type. Select the option that matches the Local Identity Type setting on the remote VPN endpoint.
- IP Address. The Internet IP address of the remote VPN endpoint.
- Fully Qualified Domain Name. The domain name of the remote VPN endpoint.
- Fully Qualified User Name. The name, email address, or other ID of the remote VPN endpoint.
- Remote Identity Data. Enter the data for the remote identity type that you selected. If IP Address is selected, no input is required.

VPN Auto Policy Parameters

Encryption Algorithm. The encryption algorithm used for both IKE and IPSec. This setting has to match the setting used on the remote VPN gateway. DES and 3DES are supported.
- DES. The Data Encryption Standard (DES) processes input data that is 64 bits wide, encrypting these values using a 56-bit key. Faster but less secure than 3DES.
- 3DES. (Triple DES) achieves a higher level of security by encrypting the data three times using DES with three different, unrelated keys.

Authentication Algorithm. The authentication algorithm used for both IKE and IPSec. This setting has to match the setting used on the remote VPN gateway. Auto, MD5, and SHA-1 are supported. Auto negotiates with the remote VPN endpoint and is not available in responder-only mode.
- MD5. 128 bits, faster but less secure.
- SHA-1. 160 bits, slower but more secure. This is the default.

Pre-shared Key. The key has to be entered both here and on the remote VPN gateway.

SA Life Time. The time interval before the SA (security association) expires. (It is automatically reestablished as required.) While using a short time period (or data amount) increases security, it also degrades performance. It is common to use periods over an hour (3600 seconds) for the SA life time. This setting applies to both IKE and IPSec SAs.
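
The matching rules described above, collected into one check, as an added example that is not part of the manual: it compares this router's policy with the remote gateway's and lists every mismatch before the tunnel is brought up. The dictionary field names, the "Responder Only" label, the DH group numbers and the sample values are assumptions made for illustration.

```python
# Added example. Field names and the "Responder Only" label are hypothetical;
# the setting values (Main, DES, 3DES, MD5, SHA-1, Auto) come from this page.
IP_TYPES = {"WAN IP Address", "IP Address"}   # address-based identity, no data needed
LESS_SECURE = {"encryption": "DES", "authentication": "MD5"}  # per the page

def id_kind(id_type):
    """Collapse the two address-based labels so local and remote compare equal."""
    return "ip" if id_type in IP_TYPES else id_type

def check_policy(local, remote):
    """Compare this router's policy with the remote gateway's; return problems."""
    problems = []
    if remote["exchange_mode"] != "Main":
        problems.append("remote exchange mode is not Main")
    if local["authentication"] == "Auto" and local["direction"] == "Responder Only":
        problems.append("Auto authentication is not available in responder-only mode")
    for field in ("dh_group", "encryption", "pre_shared_key"):
        if local[field] != remote[field]:
            problems.append(f"{field} does not match the remote gateway")
    auths = (local["authentication"], remote["authentication"])
    if "Auto" not in auths and auths[0] != auths[1]:
        problems.append("authentication does not match the remote gateway")
    for field, weak in LESS_SECURE.items():
        if local[field] == weak:
            problems.append(f"{field} uses {weak}, the less secure option")
    # Identity settings are mirrored: my local side is the peer's remote side.
    for mine, theirs, who in ((local, remote, "local"), (remote, local, "remote")):
        kind = id_kind(mine["local_id_type"])
        if kind != id_kind(theirs["remote_id_type"]):
            problems.append(f"{who} identity type is not mirrored on the other end")
        elif kind != "ip" and not mine.get("local_id_data"):
            problems.append(f"{who} identity data is missing")
        elif kind != "ip" and mine["local_id_data"] != theirs.get("remote_id_data"):
            problems.append(f"{who} identity data is not mirrored on the other end")
    return problems

# Constructed sample policies (not taken from a real device).
ROUTER = {"direction": "Initiator and Responder", "exchange_mode": "Main",
          "dh_group": 2, "encryption": "3DES", "authentication": "SHA-1",
          "pre_shared_key": "example-psk-placeholder",
          "local_id_type": "Fully Qualified Domain Name", "local_id_data": "a.example.com",
          "remote_id_type": "IP Address", "remote_id_data": ""}
PEER = dict(ROUTER, dh_group=1, encryption="DES",
            local_id_type="WAN IP Address", local_id_data="",
            remote_id_type="Fully Qualified Domain Name", remote_id_data="a.example.org")

if __name__ == "__main__":
    for problem in check_policy(ROUTER, PEER):
        print(problem)
```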
